[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-27561/runc: clarification

Sylvain Beucler (@beuc) beuc at debian.org
Fri Mar 10 18:49:43 GMT 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57e9f283 by Sylvain Beucler at 2023-03-10T19:50:13+01:00
CVE-2023-27561/runc: clarification

- - - - -
28fd8252 by Sylvain Beucler at 2023-03-10T19:50:14+01:00
CVE-2021-3592/qemu: reference regression fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -130983,6 +130983,7 @@ CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP ne
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
+	NOTE: Regression fix: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c9f314f6e315a5518432761fea864196a290f799 (v4.6.1)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: The patch introduced a regression, see Debian bug #994080 for more information.
 CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...)
@@ -240581,7 +240582,7 @@ CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to Escal
 	NOTE: https://github.com/opencontainers/runc/issues/3751
 	NOTE: https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
 	NOTE: https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
-	NOTE: Issue exists because of a CVE-2019-19921 regression.
+	NOTE: Issue exists because of a CVE-2019-19921 regression introduced by the fix for CVE-2021-30465.
 	NOTE: Pull Request: https://github.com/opencontainers/runc/pull/3756
 CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...)
 	- runc 1.0.0~rc10+dfsg1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb39682d727fe3b0fc499131f4aac3ea30237f46...28fd82522f97529df9dc7b7c640348867bc8815f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb39682d727fe3b0fc499131f4aac3ea30237f46...28fd82522f97529df9dc7b7c640348867bc8815f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230310/92d36aab/attachment.htm>

More information about the debian-security-tracker-commits mailing list