[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: ignored -> not-affected for CVE-2021-34432

Tue, 26 Oct 2021 14:33:33 -0700 


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3c76c38 by Anton Gladky at 2021-10-26T23:32:46+02:00
LTS: ignored -> not-affected for CVE-2021-34432

- - - - -
f61b955a by Anton Gladky at 2021-10-26T23:32:46+02:00
Reserve DLA-2793-1 for mosquitto

- - - - -
b5b16186 by Anton Gladky at 2021-10-26T23:33:04+02:00
Reserve DLA-2794-1 for mosquitto

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -21413,8 +21413,8 @@ CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 
2.6.4 and 3.0.0-M1 to 3.
        NOT-FOR-US: Eclipse Californium
 CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server 
will crash  ...)
        - mosquitto 2.0.8-1
-       [buster] - mosquitto <ignored> (Vulnerable code is not accessible in 
version 1.x)
-       [stretch] - mosquitto <ignored> (Vulnerable code is not accessible in 
version 1.x)
+       [buster] - mosquitto <not-affected> (Vulnerable code is not accessible 
in version 1.x)
+       [stretch] - mosquitto <not-affected> (Vulnerable code is not accessible 
in version 1.x)
        NOTE: 
https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
 CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an 
authenticated client ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,9 @@
+[26 Oct 2021] DLA-2794-1 mosquitto - security update
+       {CVE-2017-7655}
+       [stretch] - mosquitto 1.4.10-3+deb9u5
+[26 Oct 2021] DLA-2793-1 mosquitto - security update
+       {CVE-2017-7655}
+       [stretch] - mosquitto 1.4.10-3+deb9u5
 [24 Oct 2021] DLA-2792-1 faad2 - security update
        {CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32274 
CVE-2021-32276 CVE-2021-32277 CVE-2021-32278}
        [stretch] - faad2 2.8.0~cvs20161113-1+deb9u3


=====================================
data/dla-needed.txt
=====================================
@@ -55,10 +55,6 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-mosquitto (Anton Gladky)
-  NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
-  NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
---
 ntfs-3g (Anton Gladky)
 --
 nvidia-graphics-drivers



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad7f7810b0440e42060e6a30b108893f248bf468...b5b1618632bb2ba6e106323de5ce2722ef0ef4c9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad7f7810b0440e42060e6a30b108893f248bf468...b5b1618632bb2ba6e106323de5ce2722ef0ef4c9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to