[Git][security-tracker-team/security-tracker][master] 4 commits: Mark CVE-2021-4156/libsndfile as no-dsa for stretch

Sun Dec 26 20:32:47 GMT 2021


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0be19354 by Utkarsh Gupta at 2021-12-27T02:02:01+05:30
Mark CVE-2021-4156/libsndfile as no-dsa for stretch

- - - - -
51652ffc by Utkarsh Gupta at 2021-12-27T02:02:01+05:30
Mark CVE-2021-4147/libvirt for stretch

- - - - -
eee03239 by Utkarsh Gupta at 2021-12-27T02:02:01+05:30
Add note for CVE-2021-45101/condor

- - - - -
8bb9e0bc by Utkarsh Gupta at 2021-12-27T02:02:18+05:30
Add apache2 to dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -518,6 +518,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
 	- libsndfile <unfixed>
 	[bullseye] - libsndfile <no-dsa> (Minor issue)
 	[buster] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/731
 	NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
 CVE-2021-4155
@@ -967,6 +968,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver]
 	- libvirt <unfixed> (bug #1002535)
 	[bullseye] - libvirt <no-dsa> (Minor issue)
 	[buster] - libvirt <no-dsa> (Minor issue)
+	[stretch] - libvirt <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
 	NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
 	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8


=====================================
data/dla-needed.txt
=====================================
@@ -18,8 +18,12 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+apache2
+--
 condor (Anton)
   NOTE: 20211216: full details embargoed
+  NOTE: 20211227: the fix is out and now available; cf:
+  NOTE: 20211227: https://github.com/htcondor/htcondor/commit/8b311dee. (utkarsh)
 --
 debian-archive-keyring
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f...8bb9e0bcdc8e9984f3712cb90a83617208f9a897

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f...8bb9e0bcdc8e9984f3712cb90a83617208f9a897
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211226/7a61de85/attachment-0001.htm>
