Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: f5664051 by Sylvain Beucler at 2022-04-09T18:53:42+02:00 lrzip: document CVE-2021-27345/CVE-2021-27347/CVE-2022-26291 relationship - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6964,6 +6964,7 @@ CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency us [stretch] - lrzip <postponed> (Minor issue, use-after-free with no known impact) NOTE: https://github.com/ckolivas/lrzip/issues/206 NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650) + NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix CVE-2022-26290 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) NOT-FOR-US: Tenda CVE-2022-26289 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) @@ -72487,6 +72488,7 @@ CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Ir NOTE: https://github.com/ckolivas/lrzip/issues/165 NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640) NOTE: Crash in CLI tool, no security impact + NOTE: See CVE-2022-26291 follow-up related to clear_rulist() CVE-2021-27346 RESERVED CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...) @@ -72494,6 +72496,7 @@ CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stre NOTE: https://github.com/ckolivas/lrzip/issues/164 NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640) NOTE: Crash in CLI tool, no security impact + NOTE: See CVE-2022-26291 follow-up related to clear_rulist() CVE-2021-27344 RESERVED CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f566405135d8f9ba1ee4627d46ddf38fa41350c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f566405135d8f9ba1ee4627d46ddf38fa41350c6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits