[Git][security-tracker-team/security-tracker][master] 2 commits: Claim firmware-nonfree in dla-needed.txt

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
851a329f by Markus Koschany at 2021-11-16T23:20:07+01:00
Claim firmware-nonfree in dla-needed.txt

- - - - -
83a5b72a by Markus Koschany at 2021-11-16T23:23:10+01:00
Reserve DLA-2819-1 for ntfs-3g

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8031,7 +8031,7 @@ CVE-2021-41655
 CVE-2021-41654
 	RESERVED
 CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware  ...)
-	NOT-FOR-US:  TP-Link
+	NOT-FOR-US: TP-Link
 CVE-2021-41652
 	RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Nov 2021] DLA-2819-1 ntfs-3g - security update
+	{CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263}
+	[stretch] - ntfs-3g 1:2016.2.22AR.1+dfsg-1+deb9u2
 [13 Nov 2021] DLA-2818-1 ffmpeg - security update
 	{CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38171 CVE-2021-38291}
 	[stretch] - ffmpeg 7:3.2.16-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -33,7 +33,7 @@ exiv2 (Thorsten Alteholz)
 firefox-esr (Emilio)
   NOTE: 20211116: blocked on toolchain backports (pochu)
 --
-firmware-nonfree
+firmware-nonfree (Markus Koschany)
   NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag
 --
@@ -70,9 +70,6 @@ linux-4.19 (Ben Hutchings)
 --
 mbedtls (Emilio)
 --
-ntfs-3g (Markus Koschany)
-  NOTE: 20211101: too many CVEs (gladk)
---
 nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3feeb3765955377f8b806786c42ce9fb1b49a89a...83a5b72a4d39814983d32011ce1bc24000d30def

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3feeb3765955377f8b806786c42ce9fb1b49a89a...83a5b72a4d39814983d32011ce1bc24000d30def
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211116/a54ee8f9/attachment-0001.htm>