Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9dcadd10 by Markus Koschany at 2023-01-01T23:16:55+01:00 CVE-2021-37136,CVE-2021-37137,CVE-2021-43797,CVE-2022-41881,CVE-2022-41915,netty fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -22417,7 +22417,7 @@ CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. V NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1) CVE-2022-41915 (Netty project is an event-driven asynchronous network application fram ...) - - netty <unfixed> (bug #1027180) + - netty 1:4.1.48-6 (bug #1027180) NOTE: https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp NOTE: Fixed by https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4 CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...) @@ -22494,7 +22494,7 @@ CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from NOTE: https://github.com/nextcloud/server/pull/34559 TODO: check details, is owncloud-client similarly affected? CVE-2022-41881 (Netty project is an event-driven asynchronous network application fram ...) - - netty <unfixed> (bug #1027180) + - netty 1:4.1.48-6 (bug #1027180) NOTE: https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v NOTE: Fixed by https://github.com/netty/netty/commit/cd91cf3c99123bd1e53fd6a1de0e3d1922f05bb2 CVE-2022-41880 (TensorFlow is an open source platform for machine learning. When the ` ...) @@ -87774,7 +87774,7 @@ CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server in CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...) - grafana <removed> CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...) - - netty <unfixed> (bug #1001437) + - netty 1:4.1.48-6 (bug #1001437) [bullseye] - netty <no-dsa> (Minor issue) [buster] - netty <no-dsa> (Minor issue) [stretch] - netty <no-dsa> (Minor issue) @@ -108251,14 +108251,14 @@ CVE-2021-37139 CVE-2021-37138 RESERVED CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...) - - netty <unfixed> (bug #1014769) + - netty 1:4.1.48-6 (bug #1014769) [bullseye] - netty <no-dsa> (Minor issue) [buster] - netty <no-dsa> (Minor issue) [stretch] - netty <no-dsa> (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final) CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...) - - netty <unfixed> (bug #1014769) + - netty 1:4.1.48-6 (bug #1014769) [bullseye] - netty <no-dsa> (Minor issue) [buster] - netty <no-dsa> (Minor issue) [stretch] - netty <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dcadd10b32c29b3b837e79432921a1730b91845 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dcadd10b32c29b3b837e79432921a1730b91845 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits