[Git][security-tracker-team/security-tracker][master] CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915, netty

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9dcadd10 by Markus Koschany at 2023-01-01T23:16:55+01:00
CVE-2021-37136,CVE-2021-37137,CVE-2021-43797,CVE-2022-41881,CVE-2022-41915,netty

fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22417,7 +22417,7 @@ CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. V
 	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
 	NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1)
 CVE-2022-41915 (Netty project is an event-driven asynchronous network application fram ...)
-	- netty <unfixed> (bug #1027180)
+	- netty 1:4.1.48-6 (bug #1027180)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
 	NOTE: Fixed by https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4
 CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...)
@@ -22494,7 +22494,7 @@ CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from
 	NOTE: https://github.com/nextcloud/server/pull/34559
 	TODO: check details, is owncloud-client similarly affected?
 CVE-2022-41881 (Netty project is an event-driven asynchronous network application fram ...)
-	- netty <unfixed> (bug #1027180)
+	- netty 1:4.1.48-6 (bug #1027180)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
 	NOTE: Fixed by https://github.com/netty/netty/commit/cd91cf3c99123bd1e53fd6a1de0e3d1922f05bb2
 CVE-2022-41880 (TensorFlow is an open source platform for machine learning. When the ` ...)
@@ -87774,7 +87774,7 @@ CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server in
 CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
 	- grafana <removed>
 CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
-	- netty <unfixed> (bug #1001437)
+	- netty 1:4.1.48-6 (bug #1001437)
 	[bullseye] - netty <no-dsa> (Minor issue)
 	[buster] - netty <no-dsa> (Minor issue)
 	[stretch] - netty <no-dsa> (Minor issue)
@@ -108251,14 +108251,14 @@ CVE-2021-37139
 CVE-2021-37138
 	RESERVED
 CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...)
-	- netty <unfixed> (bug #1014769)
+	- netty 1:4.1.48-6 (bug #1014769)
 	[bullseye] - netty <no-dsa> (Minor issue)
 	[buster] - netty <no-dsa> (Minor issue)
 	[stretch] - netty <no-dsa> (Minor issue)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
 	NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
 CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...)
-	- netty <unfixed> (bug #1014769)
+	- netty 1:4.1.48-6 (bug #1014769)
 	[bullseye] - netty <no-dsa> (Minor issue)
 	[buster] - netty <no-dsa> (Minor issue)
 	[stretch] - netty <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dcadd10b32c29b3b837e79432921a1730b91845

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dcadd10b32c29b3b837e79432921a1730b91845
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230101/b9d6cbc2/attachment-0001.htm>