summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoritz Mühlenhoff <jmm@debian.org>2021-03-03 20:10:56 +0100
committerMoritz Mühlenhoff <jmm@debian.org>2021-03-03 20:10:56 +0100
commitd08b2b2ef43925890d6159264788c23675e0327d (patch)
treee8d53aa55293f0933b730c17da8eebaad03d8942
parente0ef596aa210493b75b9822a1eaeea0c4229649e (diff)
add libnewlib-nano to affected source packages
-rw-r--r--data/CVE/2021.list4
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 1c10695c71..83af77f3da 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,10 +1,12 @@
CVE-2021-3420
RESERVED
- newlib <unfixed>
+ [buster] - newlib <no-dsa> (Minor issue)
- picolibc 1.5-1
+ - libnewlib-nano <unfixed> (bug #984424)
+ [buster] - libnewlib-nano <no-dsa> (Minor issue)
NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
- TODO: check libnewlib-nano, potentially derived code, if not then the CVE does not apply
CVE-2021-27917
RESERVED
CVE-2021-27916

© 2014-2024 Faster IT GmbH | imprint | privacy policy