[Git][security-tracker-team/security-tracker][master] CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915, netty
Markus Koschany (@apo)
apo at debian.org
Sun Jan 1 22:18:04 GMT 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9dcadd10 by Markus Koschany at 2023-01-01T23:16:55+01:00
CVE-2021-37136,CVE-2021-37137,CVE-2021-43797,CVE-2022-41881,CVE-2022-41915,netty
fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22417,7 +22417,7 @@ CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. V
NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1)
CVE-2022-41915 (Netty project is an event-driven asynchronous network application fram ...)
- - netty <unfixed> (bug #1027180)
+ - netty 1:4.1.48-6 (bug #1027180)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
NOTE: Fixed by https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4
CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...)
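Review bot: The CVE-2022-41915 entry has no per-release lines between `- netty 1:4.1.48-6 (bug #1027180)` and the first NOTE, so the visible lines record a fix for unstable only and no triage for the stable releases. Consider adding release annotations, in the form the 2021 netty entries already use (`[bullseye] - netty ...`), once the issue has been assessed for those releases.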
@@ -22494,7 +22494,7 @@ CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/server/pull/34559
TODO: check details, is owncloud-client similarly affected?
CVE-2022-41881 (Netty project is an event-driven asynchronous network application fram ...)
- - netty <unfixed> (bug #1027180)
+ - netty 1:4.1.48-6 (bug #1027180)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
NOTE: Fixed by https://github.com/netty/netty/commit/cd91cf3c99123bd1e53fd6a1de0e3d1922f05bb2
CVE-2022-41880 (TensorFlow is an open source platform for machine learning. When the ` ...)
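Review bot: The `NOTE: Fixed by` line for CVE-2022-41881 gives only the upstream commit and not the upstream release that contains it. Adding the release tag in parentheses after the URL would let a reader judge at a glance whether 1:4.1.48-6 carries the fix as a backported patch.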
@@ -87774,7 +87774,7 @@ CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server in
CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
- grafana <removed>
CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
- - netty <unfixed> (bug #1001437)
+ - netty 1:4.1.48-6 (bug #1001437)
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
[stretch] - netty <no-dsa> (Minor issue)
@@ -108251,14 +108251,14 @@ CVE-2021-37139
CVE-2021-37138
RESERVED
CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...)
- - netty <unfixed> (bug #1014769)
+ - netty 1:4.1.48-6 (bug #1014769)
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
[stretch] - netty <no-dsa> (Minor issue)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...)
- - netty <unfixed> (bug #1014769)
+ - netty 1:4.1.48-6 (bug #1014769)
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
[stretch] - netty <no-dsa> (Minor issue)
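Review bot: For CVE-2021-37137 the fixed version 1:4.1.48-6 is based on an older upstream version than the release named in the NOTE, `netty-4.1.68.Final`, so the fix must come from a patch carried in the Debian package rather than from a new upstream version. A short NOTE stating that the fix was backported would keep the entry from reading as a version mistake; the same applies to CVE-2021-37136, which receives the same version in this hunk.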
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dcadd10b32c29b3b837e79432921a1730b91845