diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-07 09:27:04 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-07 09:27:04 +0100 |
commit | ba5795f9213d5e1783fa49d70bdcc19d1496cf85 (patch) | |
tree | 00eda5ff4e8e1158bf71326136b247b031037638 /data | |
parent | 5a9c8f5234089a3954c71ca9d4bf1b48435c7502 (diff) |
Add CVE-2021-44686/calibre
Note that the CVE description is wrong, but the upstream commit
235b7e38c197 ("Fix inefficient regex that slows down a lot with certain
input. Fixes #1951979 [Private
bug](https://bugs.launchpad.net/calibre/+bug/1951979)") references the
right launchpad bug and is about the described issue.
Additionally matches the information from LP: 1951979.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2021.list | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 3e34e1c15a..74c2ed7ef0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -11,7 +11,9 @@ CVE-2021-44688 CVE-2021-44687 RESERVED CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...) - TODO: check + - calibre 5.33.0+dfsg-1 + NOTE: https://bugs.launchpad.net/calibre/+bug/1951979 + NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0) CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...) TODO: check CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...) |