[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2021-22890/curl as not-affected for stretch

Sun, 04 Apr 2021 17:22:59 -0700 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc93b4c8 by Utkarsh Gupta at 2021-04-05T05:51:07+05:30
Mark CVE-2021-22890/curl as not-affected for stretch

- - - - -
0d426f85 by Utkarsh Gupta at 2021-04-05T05:52:32+05:30
Triage curl for stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16445,6 +16445,7 @@ CVE-2021-22891
 CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability 
that allows ...)
        {DSA-4881-1}
        - curl <unfixed> (bug #986270)
+       [stretch] - curl <not-affected> (Vunerable code introduced later)
        NOTE: https://curl.se/docs/CVE-2021-22890.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
 CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS 
vulnera ...)


=====================================
data/dla-needed.txt
=====================================
@@ -44,6 +44,11 @@ courier-authlib
   NOTE: 20210329: and getting prepared. The nature of conversation is
   NOTE: 20210329: internal and Utkarsh is working on it already. (utkarsh)
 --
+curl
+  NOTE: 20210405: the patch applies but is missing a lot of elements;
+  NOTE: 20210405: namely CURLU, CURLUPART_{URL,FRAGMENT,USER,PASSWORD}. 
(utkarsh)
+  NOTE: 20210405: see 
https://lists.debian.org/debian-lts/2021/04/msg00002.html. (utkarsh)
+--
 edk2
 --
 firmware-nonfree



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/050815f038924983c0ff501fc15fae104bcd408f...0d426f85caaad5728761ad3fc1d65f965cccba26

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/050815f038924983c0ff501fc15fae104bcd408f...0d426f85caaad5728761ad3fc1d65f965cccba26
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to