Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb901c54 by Salvatore Bonaccorso at 2022-03-24T21:23:16+01:00
Sync upstream tags for clickhouse CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27042,14 +27042,14 @@ CVE-2021-43306
        RESERVED
 CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
        - clickhouse <unfixed> (bug #1008216)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v21.9.1.7685)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v21.9.1.7685)
        NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
        NOTE: 
https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
        - clickhouse <unfixed> (bug #1008216)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v21.9.1.7685)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v21.9.1.7685)
        NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
        NOTE: 
https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An 
attacker ...)
@@ -31240,14 +31240,14 @@ CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta 
compression codec when pars
        NOTE: 
https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec 
when par ...)
        - clickhouse <unfixed> (bug #1008216)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v21.9.1.7685)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v21.9.1.7685)
        NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
        NOTE: 
https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec 
when par ...)
        - clickhouse <unfixed> (bug #1008216)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
-       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v21.9.1.7685)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v21.9.1.7685)
        NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
        NOTE: 
https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of 
service an ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb901c54d40609e8c267537ddf431020de7527b5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb901c54d40609e8c267537ddf431020de7527b5
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to