[Git][security-tracker-team/security-tracker][master] Reserve DLA-3243-1 for php7.3

Thu Dec 15 18:31:16 GMT 2022


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60856d4a by Emilio Pozuelo Monfort at 2022-12-15T19:30:55+01:00
Reserve DLA-3243-1 for php7.3

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -45917,7 +45917,6 @@ CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.
 	- php8.1 8.1.7-1 (bug #1014533)
 	- php7.4 <removed>
 	- php7.3 <removed>
-	[buster] - php7.3 <postponed> (Minor issue, fix along with next security release)
 	- php7.0 <removed>
 	[stretch] - php7.0 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: Fixed in 7.4.30, 8.0.20, 8.1.7
@@ -45928,7 +45927,6 @@ CVE-2022-31625 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.
 	- php8.1 8.1.7-1 (bug #1014533)
 	- php7.4 <removed>
 	- php7.3 <removed>
-	[buster] - php7.3 <postponed> (Minor issue, fix along with next security release)
 	- php7.0 <removed>
 	[stretch] - php7.0 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: Fixed in 7.4.30, 8.0.20, 8.1.7
@@ -142744,7 +142742,6 @@ CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x
 	- php8.0 <removed>
 	- php7.4 7.4.26-1
 	- php7.3 <removed>
-	[buster] - php7.3 <no-dsa> (Minor issue, fix along with next DSA)
 	- php7.0 <removed>
 	[stretch] - php7.0 <no-dsa> (Minor issue, fix along with next DLA)
 	NOTE: Fixed in 8.1.0, 8.0.13, 7.4.26, 7.3.33


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Dec 2022] DLA-3243-1 php7.3 - security update
+	{CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-37454}
+	[buster] - php7.3 7.3.31-1~deb10u2
 [15 Dec 2022] DLA-3242-1 thunderbird - security update
 	{CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882}
 	[buster] - thunderbird 1:102.6.0-1~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -218,11 +218,6 @@ php-cas
   NOTE: 20221107: consider fixing all 3 packages; also check situation in ELTS for reference (Beuc/front-desk)
   NOTE: 20221110: upcoming DSA (Beuc/front-desk)
 --
-php7.3 (Emilio)
-  NOTE: 20221031: Programming language: C.
-  NOTE: 20221031: CVE-2022-37454 is what is of most concern.
-  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/php.html
---
 pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60856d4af26985e319cc670deecedbbce9c6b263

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60856d4af26985e319cc670deecedbbce9c6b263
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221215/4698138a/attachment.htm>
