269 lines
19 KiB
XML
269 lines
19 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
|
<DocumentTitle xml:lang="en">An update for mariadb is now available for openEuler-22.03-LTS</DocumentTitle>
|
|
<DocumentType>Security Advisory</DocumentType>
|
|
<DocumentPublisher Type="Vendor">
|
|
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
|
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
|
</DocumentPublisher>
|
|
<DocumentTracking>
|
|
<Identification>
|
|
<ID>openEuler-SA-2022-1616</ID>
|
|
</Identification>
|
|
<Status>Final</Status>
|
|
<Version>1.0</Version>
|
|
<RevisionHistory>
|
|
<Revision>
|
|
<Number>1.0</Number>
|
|
<Date>2022-04-16</Date>
|
|
<Description>Initial</Description>
|
|
</Revision>
|
|
</RevisionHistory>
|
|
<InitialReleaseDate>2022-04-16</InitialReleaseDate>
|
|
<CurrentReleaseDate>2022-04-16</CurrentReleaseDate>
|
|
<Generator>
|
|
<Engine>openEuler SA Tool V1.0</Engine>
|
|
<Date>2022-04-16</Date>
|
|
</Generator>
|
|
</DocumentTracking>
|
|
<DocumentNotes>
|
|
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">mariadb security update</Note>
|
|
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for mariadb is now available for openEuler-22.03-LTS.</Note>
|
|
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.
|
|
|
|
MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.
|
|
|
|
Security Fix(es):
|
|
|
|
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=True for a subquery.(CVE-2021-46658)
|
|
|
|
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.(CVE-2021-46668)
|
|
|
|
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.(CVE-2022-24051)
|
|
|
|
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.(CVE-2022-24050)
|
|
|
|
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.(CVE-2022-24048)</Note>
|
|
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for mariadb is now available for openEuler-22.03-LTS.
|
|
|
|
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
|
|
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
|
|
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">mariadb</Note>
|
|
</DocumentNotes>
|
|
<DocumentReferences>
|
|
<Reference Type="Self">
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1616</URL>
|
|
</Reference>
|
|
<Reference Type="openEuler CVE">
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46658</URL>
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46668</URL>
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24051</URL>
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24050</URL>
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24048</URL>
|
|
</Reference>
|
|
<Reference Type="Other">
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-46658</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-46668</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24051</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24050</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24048</URL>
|
|
</Reference>
|
|
</DocumentReferences>
|
|
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
|
|
<Branch Type="Product Name" Name="openEuler">
|
|
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="aarch64">
|
|
<FullProductName ProductID="mariadb-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-config-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-config-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-common-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-common-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-embedded-devel-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-embedded-devel-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-test-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-test-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-server-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-server-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-devel-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-devel-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-server-galera-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-server-galera-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-embedded-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-embedded-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-backup-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-backup-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-gssapi-server-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-gssapi-server-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-errmsg-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-errmsg-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-debugsource-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-debugsource-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-debuginfo-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-debuginfo-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-oqgraph-engine-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-oqgraph-engine-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-pam-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-pam-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-rocksdb-engine-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-rocksdb-engine-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-server-uitls-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-server-uitls-10.5.15-2.oe2203.aarch64.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="src">
|
|
<FullProductName ProductID="mariadb-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-10.5.15-2.oe2203.src.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="x86_64">
|
|
<FullProductName ProductID="mariadb-gssapi-server-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-gssapi-server-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-common-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-common-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-backup-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-backup-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-debugsource-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-debugsource-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-debuginfo-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-debuginfo-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-devel-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-devel-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-errmsg-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-errmsg-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-embedded-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-embedded-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-oqgraph-engine-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-oqgraph-engine-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-embedded-devel-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-embedded-devel-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-config-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-config-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-server-galera-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-server-galera-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-server-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-server-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-test-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-test-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-pam-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-pam-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="mariadb-server-utils-10.5.15-2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">mariadb-server-utils-10.5.15-2.oe2203.x86_64.rpm</FullProductName>
|
|
</Branch>
|
|
</ProductTree>
|
|
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=True for a subquery.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2022-04-16</ReleaseDate>
|
|
<CVE>CVE-2021-46658</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-22.03-LTS</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>Medium</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>5.5</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>mariadb security update</Description>
|
|
<DATE>2022-04-16</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1616</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2022-04-16</ReleaseDate>
|
|
<CVE>CVE-2021-46668</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-22.03-LTS</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>7.5</BaseScore>
|
|
<Vector>AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>mariadb security update</Description>
|
|
<DATE>2022-04-16</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1616</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2022-04-16</ReleaseDate>
|
|
<CVE>CVE-2022-24051</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-22.03-LTS</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>7.8</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>mariadb security update</Description>
|
|
<DATE>2022-04-16</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1616</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2022-04-16</ReleaseDate>
|
|
<CVE>CVE-2022-24050</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-22.03-LTS</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>7.8</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>mariadb security update</Description>
|
|
<DATE>2022-04-16</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1616</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2022-04-16</ReleaseDate>
|
|
<CVE>CVE-2022-24048</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-22.03-LTS</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>7.8</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>mariadb security update</Description>
|
|
<DATE>2022-04-16</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1616</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
</cvrfdoc> |