[Git][security-tracker-team/security-tracker][master] Reserve DSA-5197-1
Markus Koschany (@apo)
apo at debian.org
Mon Aug 1 17:18:11 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c9dc856 by Markus Koschany at 2022-08-01T18:17:48+02:00
Reserve DSA-5197-1
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -107427,20 +107427,17 @@ CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserve
CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 se ...)
{DLA-2773-1}
- curl 7.79.1-1
- [bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22947.html
NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0)
CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...)
{DLA-2773-1}
- curl 7.79.1-1
- [bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22946.html
NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)
CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 c ...)
- curl 7.79.1-1
- [bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <not-affected> (Vulnerable code introduced later)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2021-22945.html
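Review bot: After the three `[bullseye] - curl <no-dsa> (Minor issue)` removals, nothing in this hunk ties the entries to the new advisory. The `{DLA-2773-1}` lines under CVE-2021-22947 and CVE-2021-22946 are unchanged, and CVE-2021-22945 has no cross-reference line at all. If the `{DSA-5197-1}` references are not regenerated from data/DSA/list by tooling, add them here so the bullseye fix is recorded against each CVE. The same question applies to the CVE-2021-22924 and CVE-2021-22898 hunks, where only `{DLA-2734-1}` is present.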
@@ -107513,7 +107510,6 @@ CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TE
CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...)
{DLA-2734-1}
- curl 7.79.1-1 (bug #991492)
- [bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22924.html
NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4)
@@ -107599,7 +107595,6 @@ CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure
CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...)
{DLA-2734-1}
- curl 7.79.1-1 (bug #989228)
- [bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22898.html
NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Aug 2022] DSA-5197-1 curl - security update
+ {CVE-2021-22898 CVE-2021-22924 CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208}
+ [bullseye] - curl 7.74.0-1.3+deb11u2
[31 Jul 2022] DSA-5196-1 libpgjava - security update
{CVE-2022-21724 CVE-2022-26520}
[buster] - libpgjava 42.2.5-2+deb10u1
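Review bot: The CVE set on the added `{CVE-2021-22898 ...}` line names fifteen ids, but the data/CVE/list hunks in this commit drop a bullseye `<no-dsa>` line only for the five CVE-2021-* entries. Please confirm that none of the ten CVE-2022-* entries still carries a `[bullseye] - curl` line marked `<no-dsa>` or `<postponed>`, since that would contradict the fix recorded here as 7.74.0-1.3+deb11u2.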
=====================================
data/dsa-needed.txt
=====================================
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa
--
asterisk
--
-curl (apo)
---
epiphany-browser
--
freecad (aron)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c9dc856798cdc64189cda30d179b4985b06d0e5