[Git][security-tracker-team/security-tracker][master] Reserve DLA-2865-1 for resiprocate

Adrian Bunk (@bunk) bunk at debian.org
Wed Dec 29 13:47:55 GMT 2021 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf2f2976 by Adrian Bunk at 2021-12-29T15:47:41+02:00
Reserve DLA-2865-1 for resiprocate

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -225982,7 +225982,6 @@ CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack ca
 CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in resip/stack/Connectio ...)
 	{DLA-1439-1}
 	- resiprocate <removed> (bug #905495)
-	[stretch] - resiprocate <no-dsa> (Minor issue)
 	NOTE: http://joachimdezutter.webredirect.org/advisory.html
 	NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
 CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via a ...)
@@ -279459,7 +279458,6 @@ CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
 CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...)
 	{DLA-1439-1 DLA-1040-1}
 	- resiprocate <removed> (low; bug #869404)
-	[stretch] - resiprocate <no-dsa> (Minor issue)
 	NOTE: https://github.com/resiprocate/resiprocate/pull/88
 	NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
 CVE-2016-10400 (Directory Traversal exists in ATutor before 2.2.2 via the icon paramet ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Dec 2021] DLA-2865-1 resiprocate - security update
+	{CVE-2017-11521 CVE-2018-12584}
+	[stretch] - resiprocate 1:1.11.0~beta1-3+deb9u2
 [29 Dec 2021] DLA-2864-1 ruby-haml - security update
 	{CVE-2017-1002201}
 	[stretch] - ruby-haml 4.0.7-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -81,8 +81,6 @@ nvidia-graphics-drivers
 pgbouncer (Christoph Berg)
   NOTE: 20211220: maintainer might want to upload fixed version
 --
-resiprocate (Adrian Bunk)
---
 samba (Utkarsh Gupta)
   NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf2f29764d31aae63a3008389d8aac5d684bf2ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf2f29764d31aae63a3008389d8aac5d684bf2ca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211229/ba78f1c8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list