diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-24 07:00:56 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-24 07:00:56 +0100 |
commit | da38b47bab085061cb7b90f7f8e7e3bd87757df1 (patch) | |
tree | b344e5056af3f2823dc7a96552c7c628f49de238 | |
parent | b6a371b65f9706f4de5088ff132ef8282a356af0 (diff) |
Update status for CVE-2021-40818/glewlwyd in buster
The FIDO2 signature validation code has been added only later making
this CVE not affected for the buster version based on 1.4.9.
-rw-r--r-- | data/CVE/2021.list | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index ce010b5151..2d64836344 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -8155,7 +8155,7 @@ CVE-2021-XXXX [jws alg:none signature verification issue] CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...) - glewlwyd 2.5.2-3 (bug #993867) [bullseye] - glewlwyd 2.5.2-2+deb11u1 - [buster] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release) + [buster] - glewlwyd <not-affected> (Vulnerable code for FIDO2 signature validation introduced later) NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2 CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...) NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client |