<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Ola Lundqvist pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb34768af8d3cea54683b35604199b19ecda751e">eb34768a</a></strong>

<div>

<span>by Ola Lundqvist</span>

<i>at 2022-05-17T21:45:49+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added needrestart to dla-needed since CVE-2022-30688 is already fixed in buster.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77d2554598ad86135c21e6bb0edb0ea29f3ce78e">77d25545</a></strong>

<div>

<span>by Ola Lundqvist</span>

<i>at 2022-05-17T21:45:49+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added elog to dla-needed with a note to check if it should be postponed or not.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f466ab61a0ed08b33600418514fb0ff95b9d3df9">f466ab61</a></strong>

<div>

<span>by Ola Lundqvist</span>

<i>at 2022-05-17T21:45:50+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Marked CVE-2022-28368 as not-affected for php-dompdf. Checked the code and really tried to find any code that resembles the vulnerable code and could not find anything. So this must mean that the code is not vulnerable.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad3b6a50914eb47d1dd9c4466118326e8163c0b5">ad3b6a50</a></strong>

<div>

<span>by Ola Lundqvist</span>

<i>at 2022-05-17T21:45:51+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Marked CVE-2022-29162 as not-affected for runc in stretch. There is no trace of inheritable capabilities anywhere in the code.

</pre>

</li>

</ul>

<h4>2 changed files:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

<li class="file-stats">

<a href="#451c03275399f1318aed4e8b2d621183019720c6">

data/dla-needed.txt

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34c59c36c72f22d4c96bddb2a5e8b00c4874261d...ad3b6a50914eb47d1dd9c4466118326e8163c0b5#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

<li id="451c03275399f1318aed4e8b2d621183019720c6">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34c59c36c72f22d4c96bddb2a5e8b00c4874261d...ad3b6a50914eb47d1dd9c4466118326e8163c0b5#451c03275399f1318aed4e8b2d621183019720c6"><strong>data/dla-needed.txt</strong></a>

<hr>

<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="56" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="56" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="line_content match" style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -56,6 +56,10 @@ debian-security-support (Utkarsh)</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="56" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

56

</td>

<td class="new_line diff-line-num" data-linenumber="56" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

56

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC56" class="line" lang="plaintext">  NOTE: 20220502: backport prepped, will contact Holger for more details. (utkarsh)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="57" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

57

</td>

<td class="new_line diff-line-num" data-linenumber="57" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

57

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC57" class="line" lang="plaintext">  NOTE: 20220516: in review, will also co-help Holger to maintain this. (utkarsh)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="58" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

58

</td>

<td class="new_line diff-line-num" data-linenumber="58" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

58

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC58" class="line" lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

59

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC59" class="line" lang="plaintext">elog</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="60" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

60

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC60" class="line" lang="plaintext">  NOTE: 20220517: Please check further. It looks like a denial of service can be triggered remotely without</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="61" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

61

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC61" class="line" lang="plaintext">  NOTE: 20220517: authentication. If that is the case it should be fixed. If it cannot be triggered remotely then it can be postponed.</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="62" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

62

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC62" class="line" lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

59

</td>

<td class="new_line diff-line-num" data-linenumber="63" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

63

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC63" class="line" lang="plaintext">exempi</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="60" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

60

</td>

<td class="new_line diff-line-num" data-linenumber="64" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

64

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC64" class="line" lang="plaintext">  NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="61" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

61

</td>

<td class="new_line diff-line-num" data-linenumber="65" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

65

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC65" class="line" lang="plaintext">  NOTE: 20220517: is needed.</span>

</pre></td>

</tr>

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="120" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="124" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="line_content match" style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -120,6 +124,9 @@ mbedtls (Utkarsh)</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="120" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

120

</td>

<td class="new_line diff-line-num" data-linenumber="124" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

124

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC124" class="line" lang="plaintext">mysql-connector-java</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="121" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

121

</td>

<td class="new_line diff-line-num" data-linenumber="125" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

125

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC125" class="line" lang="plaintext">  NOTE: 20220512: Requires a new upstream version. (apo)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="122" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

122

</td>

<td class="new_line diff-line-num" data-linenumber="126" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

126

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC126" class="line" lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="123" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="127" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

127

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC127" class="line" lang="plaintext">needrestart</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="123" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="128" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

128

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC128" class="line" lang="plaintext">  NOTE: 20220517: Source code is vulnerable also in stretch. Should be easy to fix.</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="123" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="129" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

129

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC129" class="line" lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="123" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

123

</td>

<td class="new_line diff-line-num" data-linenumber="130" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

130

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC130" class="line" lang="plaintext">ntfs-3g</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="124" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

124

</td>

<td class="new_line diff-line-num" data-linenumber="131" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

131

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC131" class="line" lang="plaintext">  NOTE: 20220515: Please recheck. There are currently not enough information</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="125" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

125

</td>

<td class="new_line diff-line-num" data-linenumber="132" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

132

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC132" class="line" lang="plaintext">  NOTE: available. (apo)</span>

</pre></td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34c59c36c72f22d4c96bddb2a5e8b00c4874261d...ad3b6a50914eb47d1dd9c4466118326e8163c0b5">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>