Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits: cc93b4c8 by Utkarsh Gupta at 2021-04-05T05:51:07+05:30 Mark CVE-2021-22890/curl as not-affected for stretch - - - - - 0d426f85 by Utkarsh Gupta at 2021-04-05T05:52:32+05:30 Triage curl for stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -16445,6 +16445,7 @@ CVE-2021-22891 CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...) {DSA-4881-1} - curl <unfixed> (bug #986270) + [stretch] - curl <not-affected> (Vunerable code introduced later) NOTE: https://curl.se/docs/CVE-2021-22890.html NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844 CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...) ===================================== data/dla-needed.txt ===================================== @@ -44,6 +44,11 @@ courier-authlib NOTE: 20210329: and getting prepared. The nature of conversation is NOTE: 20210329: internal and Utkarsh is working on it already. (utkarsh) -- +curl + NOTE: 20210405: the patch applies but is missing a lot of elements; + NOTE: 20210405: namely CURLU, CURLUPART_{URL,FRAGMENT,USER,PASSWORD}. (utkarsh) + NOTE: 20210405: see https://lists.debian.org/debian-lts/2021/04/msg00002.html. (utkarsh) +-- edk2 -- firmware-nonfree View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/050815f038924983c0ff501fc15fae104bcd408f...0d426f85caaad5728761ad3fc1d65f965cccba26 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/050815f038924983c0ff501fc15fae104bcd408f...0d426f85caaad5728761ad3fc1d65f965cccba26 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits