[Git][security-tracker-team/security-tracker][master] Reserve DLA-3231-1 for dlt-daemon
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Wed Dec 7 10:36:17 GMT 2022
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
efc6d52b by Utkarsh Gupta at 2022-12-07T16:05:57+05:30
Reserve DLA-3231-1 for dlt-daemon
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -44719,7 +44719,6 @@ CVE-2022-31292
CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows atta ...)
- dlt-daemon 2.18.6-2.1 (bug #1014534)
[bullseye] - dlt-daemon 2.18.6-1+deb11u1
- [buster] - dlt-daemon <no-dsa> (Minor issue)
NOTE: https://github.com/COVESA/dlt-daemon/pull/376
NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
CVE-2022-31290 (A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 ...)
@@ -127743,7 +127742,6 @@ CVE-2021-23201 (NVIDIA GPU and Tegra hardware contain a vulnerability in an inte
NOT-FOR-US: NVIDIA
CVE-2020-36244 (The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to ...)
- dlt-daemon 2.18.6-1
- [buster] - dlt-daemon <no-dsa> (Minor issue)
NOTE: https://github.com/GENIVI/dlt-daemon/issues/265
NOTE: https://github.com/GENIVI/dlt-daemon/pull/269
NOTE: https://github.com/GENIVI/dlt-daemon/commit/af734fe097ed379b0aa5fcf551886b1ce5098052 (v2.18.6)
@@ -150161,7 +150159,6 @@ CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q=
NOT-FOR-US: EventON plugin for WordPress
CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c from ...)
- dlt-daemon 2.18.5-0.3 (bug #976228)
- [buster] - dlt-daemon <no-dsa> (Minor issue)
NOTE: https://github.com/GENIVI/dlt-daemon/issues/274
NOTE: https://github.com/GENIVI/dlt-daemon/pull/275
NOTE: https://github.com/GENIVI/dlt-daemon/commit/ff4f44c159df6f44b48bd38c9d2f104eb360be11
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Dec 2022] DLA-3231-1 dlt-daemon - security update
+ {CVE-2020-29394 CVE-2020-36244 CVE-2022-31291}
+ [buster] - dlt-daemon 2.18.0-1+deb10u1
[07 Dec 2022] DLA-3230-1 jqueryui - security update
{CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-31160}
[buster] - jqueryui 1.12.1+dfsg-5+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -30,9 +30,6 @@ curl (Roberto C. Sánchez)
NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/curl.git
NOTE: 20220904: Special attention: high popcon!.
--
-dlt-daemon (Utkarsh)
- NOTE: 20221207: Programming language: C.
---
erlang
NOTE: 20221119: Programming language: Erlang.
NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc6d52bfc1d48084fb197c441b5a71b876c78ce
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc6d52bfc1d48084fb197c441b5a71b876c78ce
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221207/75f4a847/attachment.htm>
More information about the debian-security-tracker-commits
mailing list