Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9dcadd10 by Markus Koschany at 2023-01-01T23:16:55+01:00
CVE-2021-37136,CVE-2021-37137,CVE-2021-43797,CVE-2022-41881,CVE-2022-41915,netty
fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22417,7 +22417,7 @@ CVE-2022-41916 (Heimdal is an implementation of
ASN.1/DER, PKIX, and Kerberos. V
NOTE:
https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
NOTE:
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c
(heimdal-7.7.1)
CVE-2022-41915 (Netty project is an event-driven asynchronous network
application fram ...)
- - netty <unfixed> (bug #1027180)
+ - netty 1:4.1.48-6 (bug #1027180)
NOTE:
https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
NOTE: Fixed by
https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4
CVE-2022-41914 (Zulip is an open-source team collaboration tool. For
organizations wit ...)
@@ -22494,7 +22494,7 @@ CVE-2022-41882 (The Nextcloud Desktop Client is a tool
to synchronize files from
NOTE: https://github.com/nextcloud/server/pull/34559
TODO: check details, is owncloud-client similarly affected?
CVE-2022-41881 (Netty project is an event-driven asynchronous network
application fram ...)
- - netty <unfixed> (bug #1027180)
+ - netty 1:4.1.48-6 (bug #1027180)
NOTE:
https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
NOTE: Fixed by
https://github.com/netty/netty/commit/cd91cf3c99123bd1e53fd6a1de0e3d1922f05bb2
CVE-2022-41880 (TensorFlow is an open source platform for machine learning.
When the ` ...)
@@ -87774,7 +87774,7 @@ CVE-2021-43799 (Zulip is an open-source team
collaboration tool. Zulip Server in
CVE-2021-43798 (Grafana is an open-source platform for monitoring and
observability. G ...)
- grafana <removed>
CVE-2021-43797 (Netty is an asynchronous event-driven network application
framework fo ...)
- - netty <unfixed> (bug #1001437)
+ - netty 1:4.1.48-6 (bug #1001437)
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
[stretch] - netty <no-dsa> (Minor issue)
@@ -108251,14 +108251,14 @@ CVE-2021-37139
CVE-2021-37138
RESERVED
CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk
length wh ...)
- - netty <unfixed> (bug #1014769)
+ - netty 1:4.1.48-6 (bug #1014769)
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
[stretch] - netty <no-dsa> (Minor issue)
NOTE:
https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
NOTE: Fixed by:
https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f
(netty-4.1.68.Final)
CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting
size re ...)
- - netty <unfixed> (bug #1014769)
+ - netty 1:4.1.48-6 (bug #1014769)
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
[stretch] - netty <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dcadd10b32c29b3b837e79432921a1730b91845
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dcadd10b32c29b3b837e79432921a1730b91845
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
