[Git][security-tracker-team/security-tracker][master] Add newly reported trafficserver CVEs

Fri, 25 Jun 2021 00:37:50 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
821293c3 by Salvatore Bonaccorso at 2021-06-25T09:37:06+02:00
Add newly reported trafficserver CVEs

Need further investigation for the affected versions.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,8 +46,9 @@ CVE-2021-3615
        RESERVED
 CVE-2021-3614
        RESERVED
-CVE-2021-35474
+CVE-2021-35474 [Dynamic stack buffer overflow in cachekey plugin]
        RESERVED
+       - trafficserver <unfixed> (bug #990303)
 CVE-2021-35473
        RESERVED
 CVE-2021-35472
@@ -6564,12 +6565,15 @@ CVE-2021-32569
        RESERVED
 CVE-2021-32568
        RESERVED
-CVE-2021-32567
+CVE-2021-32567 [Reading HTTP/2 frames too many times]
        RESERVED
-CVE-2021-32566
+       - trafficserver <unfixed> (bug #990303)
+CVE-2021-32566 [Specific sequence of HTTP/2 frames can cause ATS to crash]
        RESERVED
-CVE-2021-32565
+       - trafficserver <unfixed> (bug #990303)
+CVE-2021-32565 [HTTP Request Smuggling, content length with invalid charters]
        RESERVED
+       - trafficserver <unfixed> (bug #990303)
 CVE-2021-32564
        RESERVED
 CVE-2021-32562
@@ -18765,8 +18769,9 @@ CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on 
Windows uses CPUID to repo
        NOT-FOR-US: Snow Inventory Agent
 CVE-2021-27578
        RESERVED
-CVE-2021-27577
+CVE-2021-27577 [Incorrect handling of url fragment leads to cache poisoning]
        RESERVED
+       - trafficserver <unfixed> (bug #990303)
 CVE-2021-27576 (If was found that the NetTest web service can be used to 
overload the  ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2021-27575



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/821293c37aa6e031f8d8d38dbe681eb4062e9868

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/821293c37aa6e031f8d8d38dbe681eb4062e9868
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to