[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-4186{7,8}/onionshare

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 22 12:47:54 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02fe58cf by Salvatore Bonaccorso at 2022-10-22T13:45:37+02:00
Track fixed version for CVE-2021-4186{7,8}/onionshare

Those two were fixed in 2.4 upstream. Note that other CVEs listed from
the #1014966 bug have "has been patched in 2.5", but this information
seems incorrect in the CVE description. All the related GHSA's do not
mention them yet as fixed. There is not much information on those to be
tracked.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77268,9 +77268,9 @@ CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec R
 CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
-	- onionshare <unfixed> (bug #1014966)
+	- onionshare 2.5-1 (bug #1014966)
 CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...)
-	- onionshare <unfixed> (bug #1014966)
+	- onionshare 2.5-1 (bug #1014966)
 CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
 	NOT-FOR-US: MyBB
 CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02fe58cf145cfd0f251dc0294960bc15bcde4744

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02fe58cf145cfd0f251dc0294960bc15bcde4744
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221022/c26d25bc/attachment.htm>


More information about the debian-security-tracker-commits mailing list