[Git][security-tracker-team/security-tracker][master] update the tracking for libyang to cover libyang 1/2/3 correctly

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Oct 30 09:11:06 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f90f5b6 by Moritz Muehlenhoff at 2024-10-30T10:03:05+01:00
update the tracking for libyang to cover libyang 1/2/3 correctly

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -131232,17 +131232,21 @@ CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox
 CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
 	NOT-FOR-US: Diasoft File Replication Pro
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
+	- libyang 3.4.2+dfsg-2 (bug #989060)
 	- libyang2 2.1.148-0.1 (bug #1034724)
-	[bookworm] - libyang2 <no-dsa> (Minor issue)
+	[bookworm] - libyang2 <ignored> (Minor issue)
 	[bullseye] - libyang2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1987
 	NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
+	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
+	- libyang 3.4.2+dfsg-2 (bug #989060)
 	- libyang2 2.1.148-0.1 (bug #1034154)
-	[bookworm] - libyang2 <no-dsa> (Minor issue)
+	[bookworm] - libyang2 <ignored> (Minor issue)
 	[bullseye] - libyang2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1979
 	NOTE: https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096 (v2.1.55)
+	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2023-26915
 	RESERVED
 CVE-2023-26914
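
Review bot: The added "- libyang 3.4.2+dfsg-2 (bug #989060)" lines under CVE-2023-26917 and CVE-2023-26916 reuse the bug number that this same patch attaches to the CVE-2021-2890x entries, while the libyang2 lines for these two CVEs point at #1034724 and #1034154. If #989060 does not cover the 2023 issues, drop the bug reference from the libyang lines or use the one that matches each CVE. Separately, [bookworm] moves to <ignored> while [bullseye] stays at <no-dsa> with the same "Minor issue" reason; a short reason on the bookworm line saying why it is now ignored would make the difference between the two suites readable from the entry itself.
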
@@ -276634,30 +276638,45 @@ CVE-2021-28908
 CVE-2021-28907
 	RESERVED
 CVE-2021-28906 (In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check w ...)
-	- libyang <removed> (bug #989060)
+	- libyang2 <not-affected> (Fixed before initial upload)
+	- libyang 3.4.2+dfsg-2 (bug #989060)
 	[bullseye] - libyang <no-dsa> (Minor issue)
 	[buster] - libyang <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1455
+	NOTE: https://github.com/CESNET/libyang/commit/a3917d95d516e3de267d3cfa5d4d3715a90e8777 (v1.0.240)
+	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2021-28905 (In function lys_node_free() in libyang <= v1.0.225, it asserts that th ...)
-	- libyang <removed> (bug #989060)
+	- libyang2 <not-affected> (Fixed before initial upload)
+	- libyang 3.4.2+dfsg-2 (bug #989060)
 	[bullseye] - libyang <no-dsa> (Minor issue)
 	[buster] - libyang <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1452
+	NOTE: https://github.com/CESNET/libyang/commit/5ce30801f9ccc372bbe9b7c98bb5324b15fb010a (v1.0.253)
+	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2021-28904 (In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check  ...)
-	- libyang <removed> (bug #989060)
+	- libyang2 <not-affected> (Fixed before initial upload)
+	- libyang 3.4.2+dfsg-2 (bug #989060)
 	[bullseye] - libyang <no-dsa> (Minor issue)
 	[buster] - libyang <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1451
+	NOTE: https://github.com/CESNET/libyang/commit/59a0bff1a5a2f0a0eac07e4bf94d4aea9dd3708d (v1.0.253)
+	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2021-28903 (A stack overflow in libyang <= v1.0.225 can cause a denial of service  ...)
-	- libyang <removed> (bug #989060)
+	- libyang2 <not-affected> (Fixed before initial upload)
+	- libyang 3.4.2+dfsg-2 (bug #989060)
 	[bullseye] - libyang <no-dsa> (Minor issue)
 	[buster] - libyang <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1453
+	NOTE: https://github.com/CESNET/libyang/commit/298b30ea4ebee137226acf9bb38678bd82704582 (v1.0.240)
+	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it doesn't ch ...)
-	- libyang <removed> (bug #989060)
+	- libyang2 <not-affected> (Fixed before initial upload)
+	- libyang 3.4.2+dfsg-2 (bug #989060)
 	[bullseye] - libyang <no-dsa> (Minor issue)
 	[buster] - libyang <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1454
+	NOTE: https://github.com/CESNET/libyang/commit/a3917d95d516e3de267d3cfa5d4d3715a90e8777 (v1.0.240)
+	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2021-28901 (Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Soft ...)
 	NOT-FOR-US: Sita Software Azur CMS.
 CVE-2021-28900
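
Review bot: The new fix-commit NOTE for CVE-2021-28906 and the one for CVE-2021-28902 carry the same hash, a3917d95d516e3de267d3cfa5d4d3715a90e8777 (v1.0.240), although the entries refer to different functions (read_yin_leaf() and read_yin_container()) and different upstream issues (#1455 and #1454). Please confirm that one commit fixes both, and if so say it in the NOTE so it does not read as a copy-paste slip. The "- libyang2 <not-affected> (Fixed before initial upload)" lines are backed only by 1.0.x tags in the notes; naming the first libyang2 upload or stating that the fix predates the 2.x series would make that status checkable from the entry.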



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f90f5b623179ec50ca91ed76a6f07d770c94fb9
