author Salvatore Bonaccorso <carnil@debian.org> 2021-03-02 08:05:18 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-03-02 08:05:18 +0100
commit c0cc9a24df7b2ad044bcbdfbf2139a1d2bd5877c
tree 9bb279e4c9be4761758879e7611916f7194083ba
parent 31e60964d83127af0aec08f1e8a4e0005c55e6cf
CVE-2021-2403{1,2}/libzstd assigned
-rw-r--r-- data/CVE/2019.list 5
-rw-r--r-- data/CVE/2021.list 11
-rw-r--r-- data/DLA/list 1
-rw-r--r-- data/DSA/list 2
4 files changed, 7 insertions, 12 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 0aad652d50..bf1634dcdb 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -12,11 +12,6 @@ CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-r
NOT-FOR-US: Scytl sVote
CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...)
- limesurvey <itp> (bug #472802)
-CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed]
- - libzstd 1.4.8+dfsg-1 (bug #981404)
- [buster] - libzstd 1.3.8+dfsg-3+deb10u1
- [stretch] - libzstd 1.1.2-1+deb9u1
- NOTE: https://github.com/facebook/zstd/issues/1630
CVE-2019-25018 (In the rcp client in MIT krb5-appl through 1.0.3, malicious servers co ...)
- krb5-appl <removed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131109
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index e8f3ffcdb9..0f0bd6d268 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -2182,11 +2182,12 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
-CVE-2021-XXXX [zstd allows for race-opening files being compressed or uncompressed]
+CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed]
- libzstd 1.4.8+dfsg-2 (bug #982519)
- [buster] - libzstd 1.3.8+dfsg-3+deb10u2
- [stretch] - libzstd 1.1.2-1+deb9u1
NOTE: https://github.com/facebook/zstd/issues/2491
+CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed]
+ - libzstd 1.4.8+dfsg-1 (bug #981404)
+ NOTE: https://github.com/facebook/zstd/issues/1630
CVE-2021-26852
RESERVED
CVE-2021-26851
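Review bot: The added CVE-2021-24031 entry carries only the unstable line `- libzstd 1.4.8+dfsg-1 (bug #981404)`, while the CVE-2019-XXXX entry it replaces (removed from data/CVE/2019.list in this same commit) also listed `[buster] - libzstd 1.3.8+dfsg-3+deb10u1` and `[stretch] - libzstd 1.1.2-1+deb9u1`. Either carry those two release lines over, as the CVE-2021-24032 entry directly above does, or confirm that they are regenerated from the DSA-4850-1 and DLA-2573-1 entries this commit tags with the id. Otherwise the per-release fixed versions for this issue are lost from the CVE list.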
@@ -8535,10 +8536,6 @@ CVE-2021-24034
RESERVED
CVE-2021-24033
RESERVED
-CVE-2021-24032
- RESERVED
-CVE-2021-24031
- RESERVED
CVE-2021-24030
RESERVED
CVE-2021-24029
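Review bot: The RESERVED placeholders removed here sat between CVE-2021-24033 and CVE-2021-24030, but the full entries that replace them were added in the earlier hunk between CVE-2021-26910 and CVE-2021-26852, where the temporary CVE-2021-XXXX entry had been. If data/CVE/2021.list is meant to stay in descending id order, as the surrounding context lines suggest, the CVE-2021-24032 and CVE-2021-24031 entries should be moved to this position rather than renamed in place.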
diff --git a/data/DLA/list b/data/DLA/list
index 90eb3596f8..19cade3857 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -14,6 +14,7 @@
{CVE-2021-27212}
[stretch] - openldap 2.4.44+dfsg-5+deb9u8
[20 Feb 2021] DLA-2573-1 libzstd - security update
+ {CVE-2021-24031 CVE-2021-24032}
[stretch] - libzstd 1.1.2-1+deb9u1
[20 Feb 2021] DLA-2572-1 wpa - security update
{CVE-2021-0326}
diff --git a/data/DSA/list b/data/DSA/list
index 5aefaf50a6..4e22c5f57a 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -20,6 +20,7 @@
{CVE-2021-27212}
[buster] - openldap 2.4.47+dfsg-3+deb10u6
[20 Feb 2021] DSA-4859-1 libzstd - security update
+ {CVE-2021-24032}
[buster] - libzstd 1.3.8+dfsg-3+deb10u2
[19 Feb 2021] DSA-4858-1 chromium - security update
{CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157}
@@ -45,6 +46,7 @@
{CVE-2020-17525}
[buster] - subversion 1.10.4-1+deb10u2
[10 Feb 2021] DSA-4850-1 libzstd - security update
+ {CVE-2021-24031}
[buster] - libzstd 1.3.8+dfsg-3+deb10u1
[09 Feb 2021] DSA-4849-1 firejail - security update
{CVE-2021-26910}
