Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: af773e06 by Sylvain Beucler at 2021-11-16T12:44:33+01:00 busybox: stretch postponed - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -6010,46 +6010,55 @@ CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of serv - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...) - busybox <unfixed> (bug #999567) ===================================== data/dla-needed.txt ===================================== @@ -18,12 +18,6 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -busybox (Sylvain Beucler) - NOTE: 20211111: dos issues are low impact and could be ignored, awk issues seem - NOTE: 20211111: only serious if executing untrusted code, so perhaps postpone, - NOTE: 20211111: but double-check (pochu) - NOTE: 20211113: waiting for further maintainer feedback & commit info (Beuc) --- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af773e06fa3befb178b247d0d8c2489762be3333 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af773e06fa3befb178b247d0d8c2489762be3333 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits