Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
91bc2ffa by Salvatore Bonaccorso at 2024-12-25T13:35:45+01:00
Mark CVE-2021-42377 as unimportant

As CONFIG_HUSH is not set up to the unstable version, hush is not built
for busybox. For this reason mark it as unimportant and add an
explanatory note. This means that the binary packages are not impacted
while the source might have been.

At the same time update the note for the similar CVE-2021-42376.

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -257366,16 +257366,16 @@ CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of serv [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...) - - busybox 1:1.35.0-1 (bug #999567) - [bullseye] - busybox <not-affected> (CONFIG_HUSH is not set) + - busybox 1:1.35.0-1 (bug #999567; unimportant) [buster] - busybox <not-affected> (CONFIG_HUSH is not set) [stretch] - busybox <not-affected> (CONFIG_HUSH is not set) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: CONFIG_HUSH is not set to build hush CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...) - busybox 1:1.35.0-1 (unimportant; bug #999567) [stretch] - busybox <not-affected> (CONFIG_HUSH is not set) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ - NOTE: Crash in CLI tool, no security impact + NOTE: Crash in CLI tool, no security impact, CONFIG_HUSH is not set to build hush CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...) - busybox 1:1.35.0-1 (unimportant; bug #999567) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91bc2ffad95c92a5e918994a62ce361b41df0511
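Review bot: In the CVE-2021-42377 entry the annotation is written "(bug #999567; unimportant)", while the adjacent CVE-2021-42376 and CVE-2021-42375 entries use "(unimportant; bug #999567)"; putting the severity first here too would keep the entries uniform for anyone searching the list. The same entry drops the [bullseye] <not-affected> line but keeps the [buster] and [stretch] ones, and CVE-2021-42376 keeps its [stretch] line, so it is worth confirming that the remaining per-release lines are retained on purpose. The commit message explains that the binary packages are not impacted while the source might have been; the added "NOTE: CONFIG_HUSH is not set to build hush" does not carry that distinction, and spelling it out in the note would tell a reader of data/CVE/list why the issue is tagged unimportant rather than not-affected.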