[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-42377 as unimportant
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 25 12:36:26 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
91bc2ffa by Salvatore Bonaccorso at 2024-12-25T13:35:45+01:00
Mark CVE-2021-42377 as unimportant
As CONFIG_HUSH is not set up to the unstable version, hush is not built
for busybox. For this reason mark it as unimportant and add an
explanatory note. This means that the binary packages are not impacted
while the source might have been.
At the same time update the note for the similar CVE-2021-42376.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -257366,16 +257366,16 @@ CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of serv
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...)
- - busybox 1:1.35.0-1 (bug #999567)
- [bullseye] - busybox <not-affected> (CONFIG_HUSH is not set)
+ - busybox 1:1.35.0-1 (bug #999567; unimportant)
[buster] - busybox <not-affected> (CONFIG_HUSH is not set)
[stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: CONFIG_HUSH is not set to build hush
CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...)
- busybox 1:1.35.0-1 (unimportant; bug #999567)
[stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
- NOTE: Crash in CLI tool, no security impact
+ NOTE: Crash in CLI tool, no security impact, CONFIG_HUSH is not set to build hush
CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...)
- busybox 1:1.35.0-1 (unimportant; bug #999567)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
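Review bot: the added unstable line for CVE-2021-42377 writes the annotation as "(bug #999567; unimportant)", while the CVE-2021-42376 and CVE-2021-42375 entries in the same hunk use "(unimportant; bug #999567)"; suggest the same order here so the entries stay consistent and easy to grep. The hunk also removes the "[bullseye] - busybox <not-affected> (CONFIG_HUSH is not set)" line but leaves the [buster] and [stretch] <not-affected> lines for the same CVE in place, and the commit message does not mention the removal. Either drop all three, now that the unimportant tag and the new NOTE carry the reason, or say in the commit message why only bullseye goes. The two added NOTE lines state "CONFIG_HUSH is not set to build hush" without saying which versions that was checked against; the commit message says "up to the unstable version", and putting that scope in the NOTE would keep it accurate if a later upload enables hush.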
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91bc2ffad95c92a5e918994a62ce361b41df0511