[Git][security-tracker-team/security-tracker][master] more mina/mina2 issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Dec 26 11:23:18 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44174ec0 by Moritz Muehlenhoff at 2024-12-26T12:22:57+01:00
more mina/mina2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -258729,7 +258729,9 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF))
 CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
 	NOT-FOR-US: chaskiq
 CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
-	NOT-FOR-US: Apache MINA
+	- mina <unfixed>
+	- mina2 2.1.5-1
+	NOTE: https://lists.apache.org/thread/sq0kkqvxcp7xjt8gxdyb650nj8dv6qv0
 CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
 	NOT-FOR-US: Apache Superset
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
@@ -454821,7 +454823,8 @@ CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the
 	- tomcat8 <not-affected> (Windows-specific)
 	NOTE: https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
 CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a connec ...)
-	NOT-FOR-US: Apache MINA
+	- mina <unfixed>
+	- mina2 2.1.4-1
 CVE-2019-0230 (Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when eval ...)
 	- libstruts1.2-java <removed>
 CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44174ec0b770bc744fd87ecff88905039c5f7abd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44174ec0b770bc744fd87ecff88905039c5f7abd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241226/bc8e07b1/attachment.htm>

More information about the debian-security-tracker-commits mailing list