Add CVE-2021-4189/python

author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-01 10:30:21 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-01 10:33:26 +0100
commit: d78520871c328e7f315ad1e1a346d27d928115ed (patch)
tree: d52e4211e75d1cfcc99d3aa2940d6923d8518a21
parent: efd69c48dd02caf17a6fd5543e647a0927dee0bc (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 7a74a4c8cf..8f34d3e8d5 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -139,8 +139,19 @@ CVE-2021-45919
 	RESERVED
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of  ...)
 	TODO: check
-CVE-2021-4189
+CVE-2021-4189 [ftplib should not use the host from the PASV response]
 	RESERVED
+	- python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
+	- python3.9 3.9.7-1
+	- python3.7 <removed>
+	- python3.5 <removed>
+	- python2.7 <unfixed>
+	NOTE: https://bugs.python.org/issue43285
+	NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
+	NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
+	NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
+	NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
 CVE-2021-45918
 	RESERVED
 CVE-2021-45917
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-01 10:30:21 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-01 10:33:26 +0100
commit	d78520871c328e7f315ad1e1a346d27d928115ed (patch)
tree	d52e4211e75d1cfcc99d3aa2940d6923d8518a21
parent	efd69c48dd02caf17a6fd5543e647a0927dee0bc (diff)