[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: Correct ordering
Chris Lamb (@lamby)
lamby at debian.org
Wed Sep 8 08:49:00 BST 2021
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c20f6e6b by Chris Lamb at 2021-09-08T08:47:08+01:00
data/dla-needed.txt: Correct ordering
- - - - -
ba0c8322 by Chris Lamb at 2021-09-08T08:47:17+01:00
data/dla-needed.txt: Triage firefox-esr for stretch LTS (CVE-2021-38493)
- - - - -
8e6e32e8 by Chris Lamb at 2021-09-08T08:47:44+01:00
Triage CVE-2021-39191 in libapache2-mod-auth-openidc for stretch LTS.
- - - - -
e08f848f by Chris Lamb at 2021-09-08T08:48:24+01:00
Triage CVE-2021-3733 in python3.5 for stretch LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2347,6 +2347,7 @@ CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
- python3.7 <removed>
[buster] - python3.7 <no-dsa> (Minor issue)
- python3.5 <removed>
+ [stretch] - python3.5 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue43075
NOTE: https://github.com/python/cpython/pull/24391
NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
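Review bot: the added "[stretch] - python3.5 <no-dsa> (Minor issue)" line gives no reason beyond "Minor issue", the same wording as the buster python3.7 line above it. A short rationale inside the parentheses, or a NOTE line, would let a later reader see why this denial of service was judged not to need an update for stretch without opening the linked upstream issue.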
@@ -3380,6 +3381,7 @@ CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for t
- libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
[bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672
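Review bot: the new [stretch] line for libapache2-mod-auth-openidc says only "(Minor issue)", while the bullseye and buster lines directly above it say "(Minor issue; can be fixed via point release)". If the shorter wording is deliberate because stretch LTS has no point releases, it would help to say whether the fix is expected to reach stretch at all, for example that it can be included in a later update of the package.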
=====================================
data/dla-needed.txt
=====================================
@@ -12,8 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.
---
-ntfs-3g (Abhijith PA)
--
amd64-microcode
NOTE: 20210831: no binary package was built, possibly due to non-free-specific rules
@@ -31,6 +29,8 @@ cacti (Roberto C. Sánchez)
debian-archive-keyring (Utkarsh)
NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
--
+firefox-esr
+--
firmware-nonfree
NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag
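Review bot: the new "firefox-esr" entry has neither a claimant nor a NOTE line, so the issue named in the commit message (CVE-2021-38493) is recorded only in the git history and not in dla-needed.txt. Consider a dated NOTE in the form the neighbouring entries use ("NOTE: 20210731: ...") that names what prompted the triage, so whoever claims the package can see it in the file.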
@@ -58,6 +58,8 @@ mupdf
nettle (Markus Koschany)
NOTE: 20210719: difficult backport, wip (Emilio)
--
+ntfs-3g (Abhijith PA)
+--
nvidia-graphics-drivers
NOTE: package is in non-free but also in packages-to-support
NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34e7e9f872fc62f1f36a85337aa6bc55c6cc0f3c...e08f848fb3951805302a58f0bdf9d147a23ac4a6