<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: 0.875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;

}

body {

font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>

<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">

Ola Lundqvist pushed to branch master at <a href="https://salsa.debian.org/security-tracker-team/security-tracker" style="color: #1068bf;">Debian Security Tracker / security-tracker</a>

</h3>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Commits:

</h4>

<ul>

<li>

<strong style="font-weight: bold;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e0c77f42b564151680e651a0d69fa5dd8514d8" style="color: #1068bf;">77e0c77f</a></strong>

<div>

<span> by Ola Lundqvist </span> <i> at 2022-11-02T22:51:43+01:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Removed rabbitmq-server from dla-needed. Noted the related CVE as not-affected for buster. Also added a note that buster is in fact affected by a worse problem that the CVE described but that is still minor and therefore no extra CVE should be necessary for that.

</pre>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

2 changed files:

</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3" style="color: #1068bf;">

data/CVE/list

</a>

</li>

<li class="file-stats">

<a href="#451c03275399f1318aed4e8b2d621183019720c6" style="color: #1068bf;">

data/dla-needed.txt

</a>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Changes:

</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e0c77f42b564151680e651a0d69fa5dd8514d8#4716ef5aa8f2742228ba3b3633215c8b808565e3" style="color: #1068bf;"><strong style="font-weight: bold;">data/CVE/list</strong></a>

<hr style="overflow: hidden; border: 1px solid #e1e1e1;">

No preview for this file type

<br>

</li>

<li id="451c03275399f1318aed4e8b2d621183019720c6">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e0c77f42b564151680e651a0d69fa5dd8514d8#451c03275399f1318aed4e8b2d621183019720c6" style="color: #1068bf;"><strong style="font-weight: bold;">data/dla-needed.txt</strong></a>

<hr style="overflow: hidden; border: 1px solid #e1e1e1;">

<table class="code white" style="border-spacing: 0; border-collapse: collapse; width: auto; font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="211" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="211" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">...</td>

<td class="line_content match" style="color: rgba(0,0,0,0.3); padding: inherit;" bgcolor="#fafafa">@@ -211,12 +211,6 @@ r-cran-commonmark</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="211" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

211

</td>

<td class="new_line diff-line-num" data-linenumber="211" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

211

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC211" class="line" lang="plaintext">  NOTE: 20221009: Programming language: R.</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="212" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

212

</td>

<td class="new_line diff-line-num" data-linenumber="212" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

212

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC212" class="line" lang="plaintext">  NOTE: 20221009: Please synchronize with ghostwriter.</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="213" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

213

</td>

<td class="new_line diff-line-num" data-linenumber="213" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

213

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC213" class="line" lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

214

</td>

<td class="new_line diff-line-num old" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC214" class="line" lang="plaintext">rabbitmq-server</span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="215" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

215

</td>

<td class="new_line diff-line-num old" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC215" class="line" lang="plaintext">  NOTE: 20221031: Programming language: Erlang.</span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="216" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

216

</td>

<td class="new_line diff-line-num old" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC216" class="line" lang="plaintext">  NOTE: 20221031: New configuration option. Should be studied further..</span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="217" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

217

</td>

<td class="new_line diff-line-num old" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC217" class="line" lang="plaintext">  NOTE: 20221031: Potentially the outcome is to ignore the issue..</span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="218" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

218

</td>

<td class="new_line diff-line-num old" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC218" class="line" lang="plaintext">  NOTE: 20221101: The package is not vulnerable to that URLs can be decoded because they are not even encoded. That is most likely a much worse problem, but requires some more investigations. Possible a new CVE is needed for that.</span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="219" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

219

</td>

<td class="new_line diff-line-num old" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC219" class="line" lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="220" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

220

</td>

<td class="new_line diff-line-num" data-linenumber="214" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

214

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC214" class="line" lang="plaintext">rails (Abhijith PA)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="221" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

221

</td>

<td class="new_line diff-line-num" data-linenumber="215" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

215

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC215" class="line" lang="plaintext">  NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="222" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

222

</td>

<td class="new_line diff-line-num" data-linenumber="216" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fafafa">

216

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'> <span id="LC216" class="line" lang="plaintext">  NOTE: 20220909: Two issues https://lists.debian.org/debian-lts/2022/09/msg00014.html (abhijith)</span>

</pre></td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e0c77f42b564151680e651a0d69fa5dd8514d8" style="color: #1068bf;">View it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org" style="color: #1068bf;">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link" style="color: #1068bf;">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link" style="color: #1068bf;">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e0c77f42b564151680e651a0d69fa5dd8514d8"}}</script>

</p>

</div>

</body>

</html>