[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-27561/runc: clarification
Sylvain Beucler (@beuc)
beuc at debian.org
Fri Mar 10 18:49:43 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57e9f283 by Sylvain Beucler at 2023-03-10T19:50:13+01:00
CVE-2023-27561/runc: clarification
- - - - -
28fd8252 by Sylvain Beucler at 2023-03-10T19:50:14+01:00
CVE-2021-3592/qemu: reference regression fix
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -130983,6 +130983,7 @@ CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP ne
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
+ NOTE: Regression fix: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c9f314f6e315a5518432761fea864196a290f799 (v4.6.1)
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
NOTE: The patch introduced a regression, see Debian bug #994080 for more information.
CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...)
@@ -240581,7 +240582,7 @@ CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to Escal
NOTE: https://github.com/opencontainers/runc/issues/3751
NOTE: https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
NOTE: https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
- NOTE: Issue exists because of a CVE-2019-19921 regression.
+ NOTE: Issue exists because of a CVE-2019-19921 regression introduced by the fix for CVE-2021-30465.
NOTE: Pull Request: https://github.com/opencontainers/runc/pull/3756
CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...)
- runc 1.0.0~rc10+dfsg1-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb39682d727fe3b0fc499131f4aac3ea30237f46...28fd82522f97529df9dc7b7c640348867bc8815f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb39682d727fe3b0fc499131f4aac3ea30237f46...28fd82522f97529df9dc7b7c640348867bc8815f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230310/92d36aab/attachment.htm>
More information about the debian-security-tracker-commits
mailing list