Add CVE-2021-3177/python

author: Salvatore Bonaccorso <carnil@debian.org> 2021-01-20 21:43:43 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-01-20 21:43:43 +0100
commit: 5839d7c0e86ef0e49e343b4aae2da5cd944d3747 (patch)
tree: 7512d15332b4d7368c38f78f2f8e1bab6e0de588
parent: 5be1c5cfc867eb2cb6ebcd13edb5921dd4070371 (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index aa159ebf11..d036262936 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -687,7 +687,19 @@ CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10
 	NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
 	NOTE: Disputed/mild security relevance/impact
 CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...)
-	TODO: check
+	- python3.9 <unfixed>
+	- python3.8 <unfixed>
+	- python3.7 <removed>
+	- python3.5 <removed>
+	- python2.7 <unfixed>
+	NOTE: https://bugs.python.org/issue42938
+	NOTE: https://github.com/python/cpython/pull/24239
+	NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
+	NOTE: https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7 (master)
+	NOTE: https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 (3.9)
+	NOTE: https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8)
+	NOTE: https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7)
+	NOTE: https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6)
 CVE-2021-3176
 	RESERVED
 CVE-2021-3175
author	Salvatore Bonaccorso <carnil@debian.org>	2021-01-20 21:43:43 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-01-20 21:43:43 +0100
commit	5839d7c0e86ef0e49e343b4aae2da5cd944d3747 (patch)
tree	7512d15332b4d7368c38f78f2f8e1bab6e0de588
parent	5be1c5cfc867eb2cb6ebcd13edb5921dd4070371 (diff)