Add CVE-2021-3391{2,3}/libspf2

author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-19 21:46:50 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-19 21:46:50 +0100
commit: 9d8c5f0a8b9b73f1f5e8ab34cb1297b43a65f4a1 (patch)
tree: bf3d7312792f98c3f7978886bd53e7325ab9d155
parent: 220bacb1dfe9c7c55e7c8dd60a558df9aaa49e3f (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 13a7ef3b62..4136bd90d6 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -30332,9 +30332,19 @@ CVE-2021-33915
 CVE-2021-33914
 	RESERVED
 CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...)
-	TODO: check
+	- libspf2 1.2.10-7.1
+	[bullseye] - libspf2 1.2.10-7.1~deb11u1
+	[buster] - libspf2 1.2.10-7.1~deb10u1
+	NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+	NOTE: https://github.com/shevek/libspf2/pull/35
+	NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
 CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that  ...)
-	TODO: check
+	- libspf2 1.2.10-7.1
+	[bullseye] - libspf2 1.2.10-7.1~deb11u1
+	[buster] - libspf2 1.2.10-7.1~deb10u1
+	NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+	NOTE: https://github.com/shevek/libspf2/pull/35
+	NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d
 CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
 	NOT-FOR-US: Zoho
 CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1  ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-19 21:46:50 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-19 21:46:50 +0100
commit	9d8c5f0a8b9b73f1f5e8ab34cb1297b43a65f4a1 (patch)
tree	bf3d7312792f98c3f7978886bd53e7325ab9d155
parent	220bacb1dfe9c7c55e7c8dd60a558df9aaa49e3f (diff)