[Git][security-tracker-team/security-tracker][master] 3 commits: Update information on CVE-2021-41973 and use tags by upstream

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 29 08:15:10 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19d46005 by Salvatore Bonaccorso at 2025-03-29T09:14:42+01:00
Update information on CVE-2021-41973 and use tags by upstream

- - - - -
3d8b1aaa by Salvatore Bonaccorso at 2025-03-29T09:14:44+01:00
Update information on CVE-2019-0231

- - - - -
5efb8b59 by Salvatore Bonaccorso at 2025-03-29T09:14:46+01:00
Update information for CVE-2024-52046

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30723,7 +30723,7 @@ CVE-2024-52046 (The ObjectSerializationDecoder in Apache MINA uses Java\u2019s n
 	- mina2 <unfixed> (bug #1091530)
 	[bookworm] - mina2 <no-dsa> (Minor issue)
 	NOTE: https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8
-	NOTE: https://github.com/apache/mina/commit/f9cc5ada6ebef4ee7cc51aac824e42e2e422310e (v2.2.4)
+	NOTE: https://github.com/apache/mina/commit/f9cc5ada6ebef4ee7cc51aac824e42e2e422310e (2.2.4)
 CVE-2024-47978 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unne ...)
 	NOT-FOR-US: Dell
 CVE-2024-47102 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1  could allow a non-privileged local ...)
@@ -290281,8 +290281,8 @@ CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request m
 	- mina2 2.1.5-1
 	[bullseye] - mina2 <postponed> (Minor issue; DoS)
 	NOTE: https://lists.apache.org/thread/sq0kkqvxcp7xjt8gxdyb650nj8dv6qv0
-	NOTE: https://github.com/apache/mina/commit/7dc266ac9a74f50669039c10be3d2defa2ac8b58 (v2.1.5)
-	NOTE: https://github.com/apache/mina/commit/3a91690e574a69875a2fca1f0e363b0b9ff00469 (v2.0.22)
+	NOTE: https://github.com/apache/mina/commit/7dc266ac9a74f50669039c10be3d2defa2ac8b58 (2.1.5)
+	NOTE: https://github.com/apache/mina/commit/3a91690e574a69875a2fca1f0e363b0b9ff00469 (2.0.22)
 CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
 	NOT-FOR-US: Apache Superset
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
@@ -486400,7 +486400,7 @@ CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a c
 	[bookworm] - mina <no-dsa> (Minor issue)
 	[bullseye] - mina <postponed> (Minor issue; can be fixed in next update)
 	- mina2 2.1.4-1
-	NOTE: https://github.com/apache/mina/commit/73e881ad935e5aa6080b90585ac8dc8ddfc377e1 (v2.1.1)
+	NOTE: https://github.com/apache/mina/commit/73e881ad935e5aa6080b90585ac8dc8ddfc377e1 (2.1.1)
 CVE-2019-0230 (Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when eval ...)
 	- libstruts1.2-java <removed>
 CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/862580823f60fa5ad2510318b9cfbff5fa53e6dc...5efb8b59d894c759ba3f34e91161288ba5e4e63d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/862580823f60fa5ad2510318b9cfbff5fa53e6dc...5efb8b59d894c759ba3f34e91161288ba5e4e63d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250329/a678061d/attachment.htm>

More information about the debian-security-tracker-commits mailing list