[Git][security-tracker-team/security-tracker][master] Reserve DLA-2831-1 for libntlm

Adrian Bunk (@bunk) bunk at debian.org
Sun Nov 28 19:00:13 GMT 2021



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ab96ba2 by Adrian Bunk at 2021-11-28T20:59:58+02:00
Reserve DLA-2831-1 for libntlm

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -150112,7 +150112,6 @@ CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAu
 	{DLA-2207-1}
 	- libntlm 1.6-1 (bug #942145)
 	[buster] - libntlm 1.5-1+deb10u1
-	[stretch] - libntlm <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/jas/libntlm/issues/2
 	NOTE: https://gitlab.com/jas/libntlm/-/commit/b967886873fcf19f816b9c0868465f2d9e5df85e
 CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Nov 2021] DLA-2831-1 libntlm - security update
+	{CVE-2019-17455}
+	[stretch] - libntlm 1.4-8+deb9u1
 [28 Nov 2021] DLA-2830-1 tar - security update
 	{CVE-2018-20482}
 	[stretch] - tar 1.29b-1.1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -56,8 +56,6 @@ libgit2 (Utkarsh)
   NOTE: 20211029: and TAL later next week. (utkarsh)
   NOTE: 20211116: backports prepped; checking build and smoke-testing package. (utkarsh)
 --
-libntlm (Adrian Bunk)
---
 librecad (Sylvain Beucler)
   NOTE: 20211127: also take care of other suites
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ab96ba29320ba8b321eebed52933a5c402848e9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ab96ba29320ba8b321eebed52933a5c402848e9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211128/63af99ef/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list