[Git][security-tracker-team/security-tracker][master] Reserve DLA-2801-1 for cron
Adrian Bunk (@bunk)
bunk at debian.org
Sat Oct 30 19:05:33 BST 2021
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e39331b by Adrian Bunk at 2021-10-30T21:05:00+03:00
Reserve DLA-2801-1 for cron
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -169773,17 +169773,14 @@ CVE-2019-9707
CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
{DLA-1723-1}
- cron 3.0pl1-133 (low)
- [stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/26814a26
CVE-2019-9706 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
{DLA-1723-1}
- cron 3.0pl1-133 (bug #809167)
- [stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/40791b93
CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
{DLA-1723-1}
- cron 3.0pl1-133 (low)
- [stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/f2525567
CVE-2019-9703 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible ...)
NOT-FOR-US: Symantec
@@ -274029,7 +274026,6 @@ CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with
CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-1 ...)
{DLA-1723-1}
- cron 3.0pl1-129 (bug #864466)
- [stretch] - cron <no-dsa> (Minor issue)
[wheezy] - cron <no-dsa> (Minor issue)
- systemd-cron 1.5.17-2 (bug #993731)
[bullseye] - systemd-cron <no-dsa> (Minor issue)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Oct 2021] DLA-2801-1 cron - security update
+ {CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706}
+ [stretch] - cron 3.0pl1-128+deb9u2
[30 Oct 2021] DLA-2800-1 cups - security update
{CVE-2020-10001}
[stretch] - cups 2.2.1-8+deb9u7
=====================================
data/dla-needed.txt
=====================================
@@ -20,8 +20,6 @@ ansible
--
botan1.10 (Anton Gladky)
--
-cron (Adrian Bunk)
---
debian-archive-keyring
NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e39331b89d534b0b67526c032361242ac7e58a8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e39331b89d534b0b67526c032361242ac7e58a8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211030/4fb1a7e2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list