Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/services/debian-lts.html#sponsors
LTS
- mosquitto
- CVE-2021-34432
Investigated open security vulnerability in mosquitto server and
tested whether the server could be forced to fail at the version
in stretch. Vulnerable code exists but is not exploitable, the CVE
relates to code introduced later which fails to check the arguments
to the vulnerable function.
- mupdf
- CVE-2021-37220 - vulnerable code not present in Stretch.
- CVE-2021-37218 - Not able to reproduce, upstream fix may be
incomplete.
- qt4-x11
- CVE-2020-24742 - vulnerable code introduced later
- CVE-2020-24741 - vulnerable code introduced later
--
Neil Williams
=============
https://linux.codehelp.co.uk/
pgp16SZ4Ff0eJ.pgp
Description: OpenPGP digital signature
