[Git][security-tracker-team/security-tracker][master] Reserve DLA-2835-1 for rsyslog
Adrian Bunk (@bunk)
bunk at debian.org
Tue Nov 30 23:32:57 GMT 2021
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
219cfabd by Adrian Bunk at 2021-11-30T23:32:43+00:00
Reserve DLA-2835-1 for rsyslog
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -151650,13 +151650,11 @@ CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconam
{DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942065)
[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
- [stretch] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3883
CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
{DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942067)
[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
- [stretch] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3884
CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...)
- rsyslog 8.1910.0-1 (unimportant)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Nov 2021] DLA-2835-1 rsyslog - security update
+ {CVE-2019-17041 CVE-2019-17042}
+ [stretch] - rsyslog 8.24.0-1+deb9u1
[30 Nov 2021] DLA-2834-1 uriparser - security update
{CVE-2018-20721}
[stretch] - uriparser 0.8.4-1+deb9u2
=====================================
data/dla-needed.txt
=====================================
@@ -84,8 +84,6 @@ puppet
--
roundcube (Markus Koschany)
--
-rsyslog (Adrian Bunk)
---
rustc (Roberto C. Sánchez)
NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
NOTE: https://bugs.debian.org/928422
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/219cfabdf0987953e9b87db248c5e7448beac5fa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/219cfabdf0987953e9b87db248c5e7448beac5fa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211130/7856db72/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list