[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Correct ordering

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ceb08c6f by Chris Lamb at 2022-08-15T09:25:35-07:00
data/dla-needed.txt: Correct ordering

- - - - -
056ee9ff by Chris Lamb at 2022-08-15T09:26:58-07:00
data/dla-needed.txt: Triage freecad for buster LTS (CVE-2021-45844 & CVE-2021-45845)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -32,6 +32,10 @@ curl (Markus Koschany)
 epiphany-browser (Emilio)
   NOTE: 20220811: Programming language: C.
 --
+freecad
+  NOTE: 20220815: Programming language: Python.
+  NOTE: 20220815: Not all of the vulnerable os.system calls exist in the buster version. (lamby)
+--
 jetty9 (Markus Koschany)
   NOTE: 20220802: Programming language: Java.
 --
@@ -42,6 +46,8 @@ kopanocore (Andreas Rönnquist)
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
 --
+linux (Ben Hutchings)
+--
 maven-shared-utils
   NOTE: 20220813: Programming language: Java
   NOTE: 20220813: VCS: https://salsa.debian.org/java-team/maven-shared-utils
@@ -49,8 +55,6 @@ maven-shared-utils
   NOTE: 20220813: Special attention: Relatively high popcon
   NOTE: 20220813: Patch is relatively high. Please check, whether it can safely be applied (Anton)
 --
-linux (Ben Hutchings)
---
 mediawiki (Markus Koschany)
   NOTE: 20220810: Programming language: PHP.
 --
@@ -64,6 +68,16 @@ nodejs
 puma (Abhijith PA)
   NOTE: 20220801: Programming language: Ruby.
 --
+qemu (Abhijith PA)
+  NOTE: 20220802: Programming language: C.
+  NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
+  NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm)
+  NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
+--
+rsync (Stefano Rivera)
+  NOTE: 20220811: Programming language: C.
+  NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton)
+--
 salt
   NOTE: 20220814: Programming language: Python
   NOTE: 20220814: Packages is not in the supported packages by us.
@@ -76,16 +90,6 @@ schroot (carnil)
   NOTE: 20220813: Maintainer notes: Maintainer prepares o-o-stable updates
   NOTE: 20220813: Debian security team will release DSA and DLA
 --
-rsync (Stefano Rivera)
-  NOTE: 20220811: Programming language: C.
-  NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton)
---
-qemu (Abhijith PA)
-  NOTE: 20220802: Programming language: C.
-  NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
-  NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm)
-  NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
---
 zlib (Emilio)
   NOTE: 20220813: Programming language: C
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f57cf0615ec39fed368e5870588405b736800cca...056ee9ff15773917d30fd1409bb8bef9de807e95

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f57cf0615ec39fed368e5870588405b736800cca...056ee9ff15773917d30fd1409bb8bef9de807e95
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220815/c9ac71c2/attachment-0001.htm>