author Salvatore Bonaccorso <carnil@debian.org> 2021-03-05 09:15:22 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-03-05 09:15:22 +0100
commit 9bc8cff482cdec3d1f2298048f60a4de029bf297
tree 0ee8eae33fa5ac5ae4fb48bf0d2309564eaa4f3d
parent 97055a343e59d2620590deb48794acb4253f25fc
Do not track CVE-2021-24032 for DLA-2573-1
The CVE was assigned for an incomplete fix (which affected indeed unstable and buster, but for stretch the issue in CVE-2021-24031 was in one go fixed with the correct fix without opening CVE-2021-24032). Adjust tracking to reflect the situation in the supported suites.
-rw-r--r-- data/CVE/2021.list 3
-rw-r--r-- data/DLA/list 2
2 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 11eeca9c2f..09a7875983 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -2395,8 +2395,9 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...)
- {DSA-4859-1 DLA-2573-1}
+ {DSA-4859-1}
- libzstd 1.4.8+dfsg-2 (bug #982519)
+ [stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied)
NOTE: https://github.com/facebook/zstd/issues/2491
CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...)
{DSA-4850-1 DLA-2573-1}
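Review bot: The reason on the new `[stretch] - libzstd <not-affected>` line, "(Incomplete fix for CVE-2021-24031 not applied)", is hard to read without the commit message, because it does not say that stretch received the complete fix directly. Consider wording it so the entry stands alone, for example "(CVE-2021-24031 fixed in one go with the complete fix in 1.1.2-1+deb9u1)", or add a NOTE line under CVE-2021-24032 saying so. The CVE-2021-24031 entry below still carries DLA-2573-1, which matches the intent that the DLA fixed only that CVE.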
diff --git a/data/DLA/list b/data/DLA/list
index 24c15acc4e..9fff463b7b 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -22,7 +22,7 @@
{CVE-2021-27212}
[stretch] - openldap 2.4.44+dfsg-5+deb9u8
[20 Feb 2021] DLA-2573-1 libzstd - security update
- {CVE-2021-24031 CVE-2021-24032}
+ {CVE-2021-24031}
[stretch] - libzstd 1.1.2-1+deb9u1
[20 Feb 2021] DLA-2572-1 wpa - security update
{CVE-2021-0326}
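Review bot: Dropping CVE-2021-24032 from the `{...}` line of DLA-2573-1 changes the record of an advisory dated 20 Feb 2021, and nothing in this entry tells a reader why the CVE list here may differ from what was originally listed for the DLA. The edit is consistent with the CVE/2021.list hunk, so both files stay in sync, but it would help to keep the rationale next to the data, for instance in a NOTE on the CVE-2021-24032 entry explaining that the stretch update 1.1.2-1+deb9u1 never contained the incomplete fix.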
