[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-9488,apache-log4j2: Remove no-dsa tag
Markus Koschany (@apo)
apo at debian.org
Sun Dec 26 20:27:20 GMT 2021
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
240c08e9 by Markus Koschany at 2021-12-26T21:25:55+01:00
CVE-2020-9488,apache-log4j2: Remove no-dsa tag
- - - - -
b7ec1f90 by Markus Koschany at 2021-12-26T21:27:09+01:00
Reserve DLA-2852-1 for apache-log4j2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -125406,7 +125406,6 @@ CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in
CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...)
- apache-log4j2 2.13.3-1 (bug #959450)
[buster] - apache-log4j2 2.15.0-1~deb10u1
- [stretch] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
[jessie] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Dec 2021] DLA-2852-1 apache-log4j2 - security update
+ {CVE-2020-9488 CVE-2021-45105}
+ [stretch] - apache-log4j2 2.12.3-0+deb9u1
[26 Dec 2021] DLA-2851-1 libextractor - security update
{CVE-2019-15531}
[stretch] - libextractor 1:1.3-4+deb9u4
=====================================
data/dla-needed.txt
=====================================
@@ -18,8 +18,6 @@ ansible
NOTE: 20210411: after that LTS. (apo)
NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
-apache-log4j2 (Markus Koschany)
---
condor (Anton)
NOTE: 20211216: full details embargoed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d2e052efcbe1f72829fa700ef33112100b2055c...b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d2e052efcbe1f72829fa700ef33112100b2055c...b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211226/fb998710/attachment.htm>
More information about the debian-security-tracker-commits
mailing list