[SECURITY] [DLA 2883-2] uriparser security update

2022-01-2617:15:37

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

45.0%

JSON

Debian LTS Advisory DLA-2883-2 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
January 26, 2022 https://wiki.debian.org/LTS

Package : uriparser
Version : 0.8.4-1+deb9u4
CVE ID : CVE-2021-46141

It was discovered that the fix for CVE-2021-46141 released in
uriparser version 0.8.4-1+deb9u3 was incomplete.

We therefore recommend that you upgrade your uriparser packages to
version 0.8.4-1+deb9u4.

For the detailed security status of uriparser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/uriparser

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10armhfliburiparser1-dbgsym< 0.9.1-1+deb10u1liburiparser1-dbgsym_0.9.1-1+deb10u1_armhf.deb
Debian10arm64liburiparser-dev< 0.9.1-1+deb10u1liburiparser-dev_0.9.1-1+deb10u1_arm64.deb
Debian10allliburiparser-doc< 0.9.1-1+deb10u1liburiparser-doc_0.9.1-1+deb10u1_all.deb
Debian10mipselliburiparser1-dbgsym< 0.9.1-1+deb10u1liburiparser1-dbgsym_0.9.1-1+deb10u1_mipsel.deb
Debian9arm64liburiparser1< 0.8.4-1+deb9u4liburiparser1_0.8.4-1+deb9u4_arm64.deb
Debian10mipsliburiparser1< 0.9.1-1+deb10u1liburiparser1_0.9.1-1+deb10u1_mips.deb
Debian11arm64liburiparser1-dbgsym< 0.9.4+dfsg-1+deb11u1liburiparser1-dbgsym_0.9.4+dfsg-1+deb11u1_arm64.deb
Debian11armhfliburiparser1< 0.9.4+dfsg-1+deb11u1liburiparser1_0.9.4+dfsg-1+deb11u1_armhf.deb
Debian9amd64liburiparser1< 0.8.4-1+deb9u4liburiparser1_0.8.4-1+deb9u4_amd64.deb
Debian11mips64elliburiparser-dev< 0.9.4+dfsg-1+deb11u1liburiparser-dev_0.9.4+dfsg-1+deb11u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armhf	liburiparser1-dbgsym	< 0.9.1-1+deb10u1	liburiparser1-dbgsym_0.9.1-1+deb10u1_armhf.deb
Debian	10	arm64	liburiparser-dev	< 0.9.1-1+deb10u1	liburiparser-dev_0.9.1-1+deb10u1_arm64.deb
Debian	10	all	liburiparser-doc	< 0.9.1-1+deb10u1	liburiparser-doc_0.9.1-1+deb10u1_all.deb
Debian	10	mipsel	liburiparser1-dbgsym	< 0.9.1-1+deb10u1	liburiparser1-dbgsym_0.9.1-1+deb10u1_mipsel.deb
Debian	9	arm64	liburiparser1	< 0.8.4-1+deb9u4	liburiparser1_0.8.4-1+deb9u4_arm64.deb
Debian	10	mips	liburiparser1	< 0.9.1-1+deb10u1	liburiparser1_0.9.1-1+deb10u1_mips.deb
Debian	11	arm64	liburiparser1-dbgsym	< 0.9.4+dfsg-1+deb11u1	liburiparser1-dbgsym_0.9.4+dfsg-1+deb11u1_arm64.deb
Debian	11	armhf	liburiparser1	< 0.9.4+dfsg-1+deb11u1	liburiparser1_0.9.4+dfsg-1+deb11u1_armhf.deb
Debian	9	amd64	liburiparser1	< 0.8.4-1+deb9u4	liburiparser1_0.8.4-1+deb9u4_amd64.deb
Debian	11	mips64el	liburiparser-dev	< 0.9.4+dfsg-1+deb11u1	liburiparser-dev_0.9.4+dfsg-1+deb11u1_mips64el.deb