[Git][security-tracker-team/security-tracker][master] 3 commits: Claim qemu in dla-needed.txt

Markus Koschany (@apo) apo at debian.org
Fri Aug 27 15:48:54 BST 2021



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b2f730f by Markus Koschany at 2021-08-25T22:21:27+02:00
Claim qemu in dla-needed.txt

- - - - -
62d86128 by Markus Koschany at 2021-08-27T16:43:44+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
2ca942d6 by Markus Koschany at 2021-08-27T16:47:27+02:00
Mark all open CVE for libxstream-java as fixed in unstable

Starting with version 1.4.18 libxstream-java no longer uses a blacklist as the
default.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2162,47 +2162,47 @@ CVE-2021-39156 (Istio is an open source platform for providing a uniform way to
 CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...)
 	NOT-FOR-US: Istio
 CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
 	NOTE: https://x-stream.github.io/CVE-2021-39154.html
 CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
 	NOTE: https://x-stream.github.io/CVE-2021-39153.html
 CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
 	NOTE: https://x-stream.github.io/CVE-2021-39152.html
 CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
 	NOTE: https://x-stream.github.io/CVE-2021-39151.html
 CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
 	NOTE: https://x-stream.github.io/CVE-2021-39150.html
 CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
 	NOTE: https://x-stream.github.io/CVE-2021-39149.html
 CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
 	NOTE: https://x-stream.github.io/CVE-2021-39148.html
 CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
 	NOTE: https://x-stream.github.io/CVE-2021-39147.html
 CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
 	NOTE: https://x-stream.github.io/CVE-2021-39146.html
 CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
 	NOTE: https://x-stream.github.io/CVE-2021-39145.html
 CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
 	NOTE: https://x-stream.github.io/CVE-2021-39144.html
 CVE-2021-39143
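
Review bot: The entries from CVE-2021-39144 to CVE-2021-39154 switch to `- libxstream-java 1.4.18-1`, but the reason given in the commit message (from 1.4.18 the library no longer uses a blacklist as the default) is not recorded in the file itself; the NOTE lines under each entry only link to the upstream advisories. Consider adding a NOTE to each entry, or at least to the first one, stating that the fix is the changed default in 1.4.18, so a later reader of data/CVE/list can see why this version is the fixed one without looking up the commit.
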
@@ -2210,15 +2210,15 @@ CVE-2021-39143
 CVE-2021-39142
 	RESERVED
 CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
 	NOTE: https://x-stream.github.io/CVE-2021-39141.html
 CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
 	NOTE: https://x-stream.github.io/CVE-2021-39140.html
 CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
-	- libxstream-java <unfixed>
+	- libxstream-java 1.4.18-1
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
 	NOTE: https://x-stream.github.io/CVE-2021-39139.html
 CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
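
Review bot: The commit message says all open CVE for libxstream-java are marked, while the two hunks in data/CVE/list only touch CVE-2021-39139 to CVE-2021-39141 here and CVE-2021-39144 to CVE-2021-39154 above. Please confirm that no other libxstream-java entry in the file still reads `<unfixed>`, or narrow the commit message to the ids actually changed.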


=====================================
data/dla-needed.txt
=====================================
@@ -66,6 +66,8 @@ python-babel
   NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith)
   NOTE: 20210620: Revisit when it has an assigned CVE ID (abhijith)
 --
+qemu (Markus Koschany)
+--
 ruby-kaminari
   NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to
   NOTE: 20200819: the one upstream or in its many forks. For example, both dthe
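
Review bot: The added `qemu (Markus Koschany)` entry has no NOTE line, so the file does not say which qemu issues the claim covers or when it was taken, whereas the neighbouring python-babel and ruby-kaminari entries carry dated NOTE lines. A dated NOTE in the same `NOTE: YYYYMMDD: ... (name)` form would make the scope of the claim visible and a stale claim easier to spot.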



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dc46c3d6b2f0ed7d26f9cc4738e245ef6249646a...2ca942d60c156dcb686c1e451b68232f94d33561
