[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2022-1253 as no-dsa for Stretch

Sun Apr 10 23:06:25 BST 2022


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e516b8ce by Thorsten Alteholz at 2022-04-11T00:06:08+02:00
mark CVE-2022-1253 as no-dsa for Stretch

- - - - -
859720f9 by Thorsten Alteholz at 2022-04-11T00:06:08+02:00
add puma

- - - - -
62c5f516 by Thorsten Alteholz at 2022-04-11T00:06:08+02:00
add salt

- - - - -
5ac4913a by Thorsten Alteholz at 2022-04-11T00:06:09+02:00
mark CVE-2021-43725 as no-dsa for Stretch

- - - - -
c46b5006 by Thorsten Alteholz at 2022-04-11T00:06:10+02:00
mark CVE-2021-33657 as no-dsa for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -536,6 +536,7 @@ CVE-2022-1254
 	RESERVED
 CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...)
 	- libde265 <unfixed>
+	[stretch] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
 	NOTE: https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
 CVE-2022-1252
@@ -29072,6 +29073,7 @@ CVE-2021-43726
 CVE-2021-43725 (There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login. ...)
 	- spotweb <removed>
 	[buster] - spotweb <no-dsa> (Minor issue)
+	[stretch] - spotweb <no-dsa> (Minor issue)
 	NOTE: https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1
 	NOTE: https://github.com/spotweb/spotweb/issues/718
 CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS throug ...)
@@ -56107,9 +56109,11 @@ CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (S
 	- libsdl1.2 <unfixed>
 	[bullseye] - libsdl1.2 <no-dsa> (Minor issue)
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
+	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 2.0.20+dfsg-2
 	[bullseye] - libsdl2 <no-dsa> (Minor issue)
 	[buster] - libsdl2 <no-dsa> (Minor issue)
+	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20)
 CVE-2021-33656
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -113,6 +113,8 @@ openvpn
 pdns
   NOTE: 20220402: harmonize with buster/10.8 (Beuc)
 --
+puma
+--
 puppet-module-puppetlabs-firewall
   NOTE: 20220402: no Debian maintainers activity since 2018 (Beuc)
 --
@@ -121,6 +123,8 @@ ring (Abhijith PA)
  NOTE: 20220404: package in archive is faulty. New regs can't be done due (abhijith)
  NOTE: 20220404: a network error (abhijith
 --
+salt
+--
 samba
   NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9306762e6bf64fc17d142cd4d753c97cf7f4802e...c46b500648db5d929e7511c29d8731ba5857de17

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9306762e6bf64fc17d142cd4d753c97cf7f4802e...c46b500648db5d929e7511c29d8731ba5857de17
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220410/da8224bd/attachment-0001.htm>
