[Git][security-tracker-team/security-tracker][master] Reserve DLA-2864-1 for ruby-haml

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Wed Dec 29 12:39:24 GMT 2021



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33451fc1 by Utkarsh Gupta at 2021-12-29T18:09:01+05:30
Reserve DLA-2864-1 for ruby-haml

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -155405,7 +155405,6 @@ CVE-2019-17597
 CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using user input  ...)
 	{DLA-1986-1}
 	- ruby-haml 5.0.4-1
-	[stretch] - ruby-haml <no-dsa> (Minor issue)
 	NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
 	NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
 CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...)
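Review bot: in the CVE-2017-1002201 entry, the cross-reference line still reads `{DLA-1986-1}` after the `[stretch] - ruby-haml <no-dsa> (Minor issue)` line is dropped, so nothing in this file ties the entry to DLA-2864-1 or to a stretch fixed version. If that line is not regenerated from data/DLA/list, extend it to `{DLA-1986-1 DLA-2864-1}` in the same commit, so a reader of this entry does not have to work out the stretch status from the `- ruby-haml 5.0.4-1` line alone.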


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Dec 2021] DLA-2864-1 ruby-haml - security update
+	{CVE-2017-1002201}
+	[stretch] - ruby-haml 4.0.7-1+deb9u1
 [29 Dec 2021] DLA-2863-1 firefox-esr - security update
 	{CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546}
 	[stretch] - firefox-esr 91.4.1esr-1~deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -83,10 +83,6 @@ pgbouncer (Christoph Berg)
 --
 resiprocate (Adrian Bunk)
 --
-ruby-haml (Utkarsh Gupta)
-  NOTE: 20211229: more commits to be added rather than just one.
-  NOTE: 20211229: taking over w/ permission since fixed it earlier as well. (utkarsh)
---
 samba (Utkarsh Gupta)
   NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload
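Review bot: the removed ruby-haml block carried `NOTE: 20211229: more commits to be added rather than just one.`, but the CVE-2017-1002201 entry in data/CVE/list still lists a single upstream commit URL, and the commit message does not say which additional commits went into the update. Consider adding NOTE lines for the extra upstream commits to the CVE entry before dropping this block, so that detail is not lost together with the dla-needed entry.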



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33451fc11ae5cc84080f2b0f62b33dc328861f89
