[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2021-42778/opensc as not-affected for buster and stretch.

Guilhem Moulin (@guilhem) guilhem at debian.org
Tue Jun 20 23:26:47 BST 2023 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38392e82 by Guilhem Moulin at 2023-06-21T00:14:28+02:00
Mark CVE-2021-42778/opensc as not-affected for buster and stretch.

- - - - -
d9265de8 by Guilhem Moulin at 2023-06-21T00:14:30+02:00
CVE-2021-42781/opensc: Reorder upstream commits.

- - - - -
193986c4 by Guilhem Moulin at 2023-06-21T00:14:31+02:00
CVE-2021-42782/opensc: Reorder upstream commits.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -125228,20 +125228,20 @@ CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version
 	[buster] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448
-	NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1)
-	NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0)
-	NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/78cdab949f098ad7e593d853229fccf57d749d0c (0.22.0-rc1)
+	NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1)
+	NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1)
+	NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0)
 CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...)
 	- opensc 0.22.0-1
 	[bullseye] - opensc <no-dsa> (Minor issue)
 	[buster] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439
-	NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 (0.22.0-rc1)
+	NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/5d4daf6c92e4668f5458f380f3cacea3e879d91a (0.22.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1)
 CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in  ...)
@@ -125263,8 +125263,8 @@ CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0
 CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in  ...)
 	- opensc 0.22.0-1
 	[bullseye] - opensc <no-dsa> (Minor issue)
-	[buster] - opensc <no-dsa> (Minor issue)
-	[stretch] - opensc <no-dsa> (Minor issue)
+	[buster] - opensc <not-affected> (Vulnerable code introduced later)
+	[stretch] - opensc <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0c3b15a855ab5aa17e52474c4df239b81ea82c4b...193986c419c54eeae4571b391b89a48fef9c7823

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0c3b15a855ab5aa17e52474c4df239b81ea82c4b...193986c419c54eeae4571b391b89a48fef9c7823
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230620/1d9acb28/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list