[Git][security-tracker-team/security-tracker][master] 2 commits: Mark unbound CVE as end-of-life

Markus Koschany apo at debian.org
Thu May 6 18:04:31 BST 2021 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
727c4821 by Markus Koschany at 2021-05-06T19:02:11+02:00
Mark unbound CVE as end-of-life

unbound in Stretch is no longer supported. Users should use unbound1.9 instead.

- - - - -
9a2f9356 by Markus Koschany at 2021-05-06T19:04:19+02:00
Reserve DLA-2652-1 for unbound1.9

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -697,39 +697,51 @@ CVE-2021-31816
 	RESERVED
 CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a compressed na ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640
 CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a compressed name ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
 CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed name in  ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
 CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size calculation  ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
 CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size calculation  ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
 CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5
 CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/f5e06689d193619c57c33270c83f5e40781a261d
 CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/fa23ee8f31ba9a018c720ea822faaee639dc7a9c
 CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/a3545867fcdec50307c776ce0af28d07046a52dd
 CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
 CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
 CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_unbound_ ...)
 	- unbound 1.9.6-1
+	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
 	NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
 CVE-2021-3513
 	NOT-FOR-US: Keycloak


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[06 May 2021] DLA-2652-1 unbound1.9 - security update
+	{CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042}
+	[stretch] - unbound1.9 1.9.0-2+deb10u2~deb9u2
 [06 May 2021] DLA-2651-1 python-django - security update
 	{CVE-2021-31542}
 	[stretch] - python-django 1:1.10.7-2+deb9u13



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb19c3764feeb668631a5344a786542180bdf588...9a2f93567f61960018b7defa4ee3a07467252214

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb19c3764feeb668631a5344a786542180bdf588...9a2f93567f61960018b7defa4ee3a07467252214
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210506/19ce8f25/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list