[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-9488,apache-log4j2: Remove no-dsa tag

Markus Koschany (@apo) apo at debian.org
Sun Dec 26 20:27:20 GMT 2021



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
240c08e9 by Markus Koschany at 2021-12-26T21:25:55+01:00
CVE-2020-9488,apache-log4j2: Remove no-dsa tag

- - - - -
b7ec1f90 by Markus Koschany at 2021-12-26T21:27:09+01:00
Reserve DLA-2852-1 for apache-log4j2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -125406,7 +125406,6 @@ CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in
 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j  ...)
 	- apache-log4j2 2.13.3-1 (bug #959450)
 	[buster] - apache-log4j2 2.15.0-1~deb10u1
-	[stretch] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
 	[jessie] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
 	NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Dec 2021] DLA-2852-1 apache-log4j2 - security update
+	{CVE-2020-9488 CVE-2021-45105}
+	[stretch] - apache-log4j2 2.12.3-0+deb9u1
 [26 Dec 2021] DLA-2851-1 libextractor - security update
 	{CVE-2019-15531}
 	[stretch] - libextractor 1:1.3-4+deb9u4


=====================================
data/dla-needed.txt
=====================================
@@ -18,8 +18,6 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
-apache-log4j2 (Markus Koschany)
---
 condor (Anton)
   NOTE: 20211216: full details embargoed
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d2e052efcbe1f72829fa700ef33112100b2055c...b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d2e052efcbe1f72829fa700ef33112100b2055c...b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211226/fb998710/attachment.htm>


More information about the debian-security-tracker-commits mailing list