Merge branch 'CVE-2021-3698' into 'master'

Track fixed version for CVE-2021-3698/cockpit See merge request security-tracker-team/security-tracker!99
author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-25 09:39:06 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-25 09:39:06 +0000
commit: 5ac4eab853ab9deed1557f570792ebe6c52865b2 (patch)
tree: 386d0f8bdad244f2613bef504c2101c1e5b89fb1
parent: f9ade0b0598c76ec499fdb2ff4fce940c416551b (diff)
parent: e47311e001e25fc0c80696f2f17a861d1061e789 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 5ec9d18a3d..88104251f6 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -20392,10 +20392,12 @@ CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allo
 	NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
 CVE-2021-3698 [authenticates with revoked certificates]
 	RESERVED
-	- cockpit <unfixed>
+	- cockpit 260-1
 	[bullseye] - cockpit <no-dsa> (Minor issue)
 	[buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+	NOTE: Needs sssd 2.6.1
+	NOTE: https://cockpit-project.org/blog/cockpit-260.html
 CVE-2021-3697
 	RESERVED
 CVE-2021-3696
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-25 09:39:06 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-25 09:39:06 +0000
commit	5ac4eab853ab9deed1557f570792ebe6c52865b2 (patch)
tree	386d0f8bdad244f2613bef504c2101c1e5b89fb1
parent	f9ade0b0598c76ec499fdb2ff4fce940c416551b (diff)
parent	e47311e001e25fc0c80696f2f17a861d1061e789 (diff)