[Git][security-tracker-team/security-tracker][master] Reserve DLA-2835-1 for rsyslog

Adrian Bunk (@bunk) bunk at debian.org
Tue Nov 30 23:32:57 GMT 2021



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
219cfabd by Adrian Bunk at 2021-11-30T23:32:43+00:00
Reserve DLA-2835-1 for rsyslog

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -151650,13 +151650,11 @@ CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconam
 	{DLA-1952-1}
 	- rsyslog 8.1910.0-1 (bug #942065)
 	[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
-	[stretch] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
 	NOTE: https://github.com/rsyslog/rsyslog/pull/3883
 CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
 	{DLA-1952-1}
 	- rsyslog 8.1910.0-1 (bug #942067)
 	[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
-	[stretch] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
 	NOTE: https://github.com/rsyslog/rsyslog/pull/3884
 CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...)
 	- rsyslog 8.1910.0-1 (unimportant)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Nov 2021] DLA-2835-1 rsyslog - security update
+	{CVE-2019-17041 CVE-2019-17042}
+	[stretch] - rsyslog 8.24.0-1+deb9u1
 [30 Nov 2021] DLA-2834-1 uriparser - security update
 	{CVE-2018-20721}
 	[stretch] - uriparser 0.8.4-1+deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -84,8 +84,6 @@ puppet
 --
 roundcube (Markus Koschany)
 --
-rsyslog (Adrian Bunk)
---
 rustc (Roberto C. Sánchez)
   NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
   NOTE: https://bugs.debian.org/928422



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/219cfabdf0987953e9b87db248c5e7448beac5fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/219cfabdf0987953e9b87db248c5e7448beac5fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211130/7856db72/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list