[Git][security-tracker-team/security-tracker][master] lrzip: document CVE-2021-27345/CVE-2021-27347/CVE-2022-26291 relationship

Sat, 09 Apr 2022 09:55:01 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5664051 by Sylvain Beucler at 2022-04-09T18:53:42+02:00
lrzip: document CVE-2021-27345/CVE-2021-27347/CVE-2022-26291 relationship

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6964,6 +6964,7 @@ CVE-2022-26291 (lrzip v0.641 was discovered to contain a 
multiple concurrency us
        [stretch] - lrzip <postponed> (Minor issue, use-after-free with no 
known impact)
        NOTE: https://github.com/ckolivas/lrzip/issues/206
        NOTE: 
https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4
 (v0.650)
+       NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix
 CVE-2022-26290 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a 
command inje ...)
        NOT-FOR-US: Tenda
 CVE-2022-26289 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a 
command inje ...)
@@ -72487,6 +72488,7 @@ CVE-2021-27347 (Use after free in lzma_decompress_buf 
function in stream.c in Ir
        NOTE: https://github.com/ckolivas/lrzip/issues/165
        NOTE: 
https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8
 (v0.640)
        NOTE: Crash in CLI tool, no security impact
+       NOTE: See CVE-2022-26291 follow-up related to clear_rulist()
 CVE-2021-27346
        RESERVED
 CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in 
stream.c i ...)
@@ -72494,6 +72496,7 @@ CVE-2021-27345 (A null pointer dereference was 
discovered in ucompthread in stre
        NOTE: https://github.com/ckolivas/lrzip/issues/164
        NOTE: 
https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8
 (v0.640)
        NOTE: Crash in CLI tool, no security impact
+       NOTE: See CVE-2022-26291 follow-up related to clear_rulist()
 CVE-2021-27344
        RESERVED
 CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The 
impact is: ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f566405135d8f9ba1ee4627d46ddf38fa41350c6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f566405135d8f9ba1ee4627d46ddf38fa41350c6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to