[Git][security-tracker-team/security-tracker][master] Reserve DLA-3074-1 for epiphany-browser

Thu Aug 18 08:46:51 BST 2022


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cea4b47 by Emilio Pozuelo Monfort at 2022-08-18T09:46:31+02:00
Reserve DLA-3074-1 for epiphany-browser

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50324,14 +50324,12 @@ CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Acc
 CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before  ...)
 	{DSA-5042-1}
 	- epiphany-browser 41.2-1
-	[buster] - epiphany-browser <no-dsa> (Minor issue)
 	[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
 CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before  ...)
 	{DSA-5042-1}
 	- epiphany-browser 41.2-1
-	[buster] - epiphany-browser <no-dsa> (Minor issue)
 	[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
@@ -50345,7 +50343,6 @@ CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x b
 CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before  ...)
 	{DSA-5042-1}
 	- epiphany-browser 41.2-1
-	[buster] - epiphany-browser <no-dsa> (Minor issue)
 	[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Aug 2022] DLA-3074-1 epiphany-browser - security update
+	{CVE-2021-45085 CVE-2021-45087 CVE-2021-45088 CVE-2022-29536}
+	[buster] - epiphany-browser 3.32.1.2-3~deb10u2
 [17 Aug 2022] DLA-3073-1 webkit2gtk - security update
 	{CVE-2022-32792 CVE-2022-32816}
 	[buster] - webkit2gtk 2.36.6-1~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -29,9 +29,6 @@ asterisk (Markus Koschany)
 curl (Markus Koschany)
   NOTE: 20220802: Programming language: C.
 --
-epiphany-browser (Emilio)
-  NOTE: 20220811: Programming language: C.
---
 freecad (Emilio)
   NOTE: 20220815: Programming language: Python.
   NOTE: 20220815: Not all of the vulnerable os.system calls exist in the buster version. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cea4b479af84a5fc41316a6273525a1714358d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cea4b479af84a5fc41316a6273525a1714358d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220818/d9d1a0f5/attachment-0001.htm>
