[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-41973/mina
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 6 14:41:38 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7bceb5c1 by Salvatore Bonaccorso at 2025-04-06T15:40:59+02:00
Update status for CVE-2021-41973/mina
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -293686,14 +293686,13 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF))
CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: chaskiq
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
- - mina <unfixed>
- [bookworm] - mina <no-dsa> (Minor issue)
- [bullseye] - mina <postponed> (Minor issue; DoS)
+ - mina <not-affected> (Vulnerable code introduced later)
- mina2 2.1.5-1
[bullseye] - mina2 <postponed> (Minor issue; DoS)
NOTE: https://lists.apache.org/thread/sq0kkqvxcp7xjt8gxdyb650nj8dv6qv0
- NOTE: https://github.com/apache/mina/commit/7dc266ac9a74f50669039c10be3d2defa2ac8b58 (2.1.5)
- NOTE: https://github.com/apache/mina/commit/3a91690e574a69875a2fca1f0e363b0b9ff00469 (2.0.22)
+ NOTE: Introduced after: https://github.com/apache/mina/commit/4e38663b17b2e2215a86a06d9a45e194fd7c8ec4 (2.0.7)
+ NOTE: Fixed by: https://github.com/apache/mina/commit/7dc266ac9a74f50669039c10be3d2defa2ac8b58 (2.1.5)
+ NOTE: Fixed by: https://github.com/apache/mina/commit/3a91690e574a69875a2fca1f0e363b0b9ff00469 (2.0.22)
CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
NOT-FOR-US: Apache Superset
CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bceb5c100d455944fde5e23179c4d725670ed11
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bceb5c100d455944fde5e23179c4d725670ed11
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250406/c429c0b0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list