[Git][security-tracker-team/security-tracker][master] 2 commits: Added a note about CVE-2021-32686.
Ola Lundqvist (@opal)
opal at debian.org
Mon Sep 5 20:44:29 BST 2022
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e12105ff by Ola Lundqvist at 2022-09-05T21:42:21+02:00
Added a note about CVE-2021-32686.
- - - - -
b3da704c by Ola Lundqvist at 2022-09-05T21:43:31+02:00
Added pcs to dla-needed following decision for bullseye.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -90233,6 +90233,8 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
NOTE: https://github.com/pjsip/pjproject/pull/2716
+ NOTE: For buster more work is necessary since at least the file names does not match
+ NOTE: when unpacking the pj package in debian dir.
CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
NOT-FOR-US: tEnvoy
CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
=====================================
data/dla-needed.txt
=====================================
@@ -84,6 +84,12 @@ openexr
NOTE: 20220904: Programming language: C++.
NOTE: 20220904: Should be synced with Stretch. (apo)
--
+pcs
+ NOTE: 20220905: Programming language: Python
+ NOTE: 20220905: Local access needed to get exploit the vulnerability.
+ NOTE: 20220905: One could argue that the vulnerability is in Thin::Backends::UnixServer:connect
+ NOTE: 20220905: since the solution is to override that function with a new umask.
+--
poppler (Markus Koschany)
NOTE: 20220904: Programming language: C.
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8879196aa9e8bff958127f64a444248f7b390b20...b3da704c252b1e374f627aaa9e121ae768e43aef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8879196aa9e8bff958127f64a444248f7b390b20...b3da704c252b1e374f627aaa9e121ae768e43aef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220905/9410d2e4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list