Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS

- mosquitto
  - CVE-2021-34432
    Investigated open security vulnerability in mosquitto server and
    tested whether the server could be forced to fail at the version
    in stretch. Vulnerable code exists but is not exploitable; the CVE
    relates to code introduced later which fails to check the arguments
    to the vulnerable function.
- mupdf
  - CVE-2021-37220 - vulnerable code not present in Stretch.
  - CVE-2021-37218 - Not able to reproduce, upstream fix may be
    incomplete.
- qt4-x11
  - CVE-2020-24742 - vulnerable code introduced later
  - CVE-2020-24741 - vulnerable code introduced later
--
Neil Williams
=============
https://linux.codehelp.co.uk/