[Git][security-tracker-team/security-tracker][master] Reserve DLA-2981-1 for lrzip

Sylvain Beucler (@beuc) beuc at debian.org
Wed Apr 13 13:39:07 BST 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83a46f9b by Sylvain Beucler at 2022-04-13T14:38:50+02:00
Reserve DLA-2981-1 for lrzip

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7693,7 +7693,6 @@ CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency us
 	- lrzip 0.650-1
 	[bullseye] - lrzip <no-dsa> (Minor issue)
 	[buster] - lrzip <no-dsa> (Minor issue)
-	[stretch] - lrzip <postponed> (Minor issue, use-after-free with no known impact)
 	NOTE: https://github.com/ckolivas/lrzip/issues/206
 	NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650)
 	NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix
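Review bot: with the `[stretch] - lrzip <postponed>` line removed, the CVE-2022-26291 record no longer says anything about stretch, and the earlier "use-after-free with no known impact" assessment disappears without a replacement. The last NOTE says clear_rulist() was introduced by the CVE-2021-27345+CVE-2021-27347 fix, so consider adding a NOTE stating whether the stretch package is affected only once those two fixes are backported. That would make the reason for the status change readable from the record itself.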


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Apr 2022] DLA-2981-1 lrzip - security update
+	{CVE-2018-5786 CVE-2020-25467 CVE-2021-27345 CVE-2021-27347 CVE-2022-26291}
+	[stretch] - lrzip 0.631-1+deb9u2
 [12 Apr 2022] DLA-2980-1 zabbix - security update
 	{CVE-2022-24349 CVE-2022-24917 CVE-2022-24919}
 	[stretch] - zabbix 1:3.0.32+dfsg-0+deb9u3
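Review bot: the new DLA-2981-1 entry lists five CVEs, but this commit edits only the CVE-2022-26291 record in data/CVE/list. Check the records for CVE-2018-5786, CVE-2020-25467, CVE-2021-27345 and CVE-2021-27347 for leftover `[stretch] - lrzip <postponed>` or `<no-dsa>` lines, since those would contradict the fixed version 0.631-1+deb9u2 given here.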


=====================================
data/dla-needed.txt
=====================================
@@ -92,9 +92,6 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-lrzip (Sylvain Beucler)
-  NOTE: 20220412: 2 CVEs opened following work on jessie (Beuc)
---
 mariadb-10.1
   NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a46f9b0ccc130dcf499b72d2444a92a0d2bc08
