Debian LTS - August 2021

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.


- mosquitto
  - CVE-2021-34432
    Investigated open security vulnerability in mosquitto server and
    tested whether the server could be forced to fail at the version
    in stretch. Vulnerable code exists but is not exploitable; the CVE
    relates to code introduced later which fails to check the arguments
    to the vulnerable function.

- mupdf
  - CVE-2021-37220 - vulnerable code not present in Stretch.
  - CVE-2021-37218 - Not able to reproduce, upstream fix may be

- qt4-x11
  - CVE-2020-24742 - vulnerable code introduced later
  - CVE-2020-24741 - vulnerable code introduced later

Neil Williams

