[Git][security-tracker-team/security-tracker][master] 2 commits: Added a note about CVE-2021-32686.

Ola Lundqvist (@opal) opal at debian.org
Mon Sep 5 20:44:29 BST 2022



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e12105ff by Ola Lundqvist at 2022-09-05T21:42:21+02:00
Added a note about CVE-2021-32686.

- - - - -
b3da704c by Ola Lundqvist at 2022-09-05T21:43:31+02:00
Added pcs to dla-needed following decision for bullseye.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -90233,6 +90233,8 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
 	NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
 	NOTE: https://github.com/pjsip/pjproject/pull/2716
+	NOTE: For buster more work is necessary since at least the file names does not match
+	NOTE: when unpacking the pj package in debian dir.
 CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
 	NOT-FOR-US: tEnvoy
 CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)


=====================================
data/dla-needed.txt
=====================================
@@ -84,6 +84,12 @@ openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
+pcs
+  NOTE: 20220905: Programming language: Python
+  NOTE: 20220905: Local access needed to get exploit the vulnerability.
+  NOTE: 20220905: One could argue that the vulnerability is in Thin::Backends::UnixServer:connect
+  NOTE: 20220905: since the solution is to override that function with a new umask.
+--
 poppler (Markus Koschany)
   NOTE: 20220904: Programming language: C.
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8879196aa9e8bff958127f64a444248f7b390b20...b3da704c252b1e374f627aaa9e121ae768e43aef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8879196aa9e8bff958127f64a444248f7b390b20...b3da704c252b1e374f627aaa9e121ae768e43aef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220905/9410d2e4/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list