[Git][security-tracker-team/security-tracker][master] Move entries for CVE-2021-26119 and CVE-2021-26120

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 29 19:43:57 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39cb9a07 by Salvatore Bonaccorso at 2022-05-29T20:40:55+02:00
Move entries for CVE-2021-26119 and CVE-2021-26120

They were only needed to be fixed in buster and so add only the buster
suite entry directly to the CVE list and ommiting it from the DSA
listing file.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85120,10 +85120,12 @@ CVE-2021-26121
 CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function  ...)
 	{DLA-2618-1}
 	- smarty3 3.1.39-1
+	[buster] - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1
 	NOTE: https://github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8
 CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ...)
 	{DLA-2618-1}
 	- smarty3 3.1.39-1
+	[buster] - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1
 	NOTE: https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad
 CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis


=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
 [29 May 2022] DSA-5151-1 smarty3 - security update
-	{CVE-2021-21408 CVE-2021-26119 CVE-2021-26120 CVE-2021-29454 CVE-2022-29221}
+	{CVE-2021-21408 CVE-2021-29454 CVE-2022-29221}
 	[buster] - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1
 	[bullseye] - smarty3 3.1.39-2+deb11u1
 [28 May 2022] DSA-5150-1 rsyslog - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cb9a07e0f3a3ba156bf680df705017256e29a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cb9a07e0f3a3ba156bf680df705017256e29a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220529/757f9145/attachment.htm>

More information about the debian-security-tracker-commits mailing list