[Git][security-tracker-team/security-tracker][master] 2 commits: data/CVE/list: Fix "release notes not ordered properly"

Wed Dec 21 00:05:46 GMT 2022


Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b10624a by Ben Hutchings at 2022-12-21T01:03:11+01:00
data/CVE/list: Fix "release notes not ordered properly"

- - - - -
cd9da6f7 by Ben Hutchings at 2022-12-21T01:03:35+01:00
Reserve DLA-3245-1 for linux

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3123,8 +3123,8 @@ CVE-2022-4416 (A vulnerability was found in RainyGao DocSys. It has been declare
 CVE-2022-4415
 	RESERVED
 	- systemd <unfixed>
-	[buster] - systemd <not-affected> (Vulnerable code introduced later)
 	[bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - systemd <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce
 	NOTE: Affects only v247 and newer, and only if building with libacl support
 CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...)
@@ -52851,7 +52851,6 @@ CVE-2022-1526 (A vulnerability, which was classified as problematic, was found i
 CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Spectre  ...)
 	{DSA-5207-1 DLA-3102-1}
 	- linux 5.18.14-1
-	[buster] - linux <ignored> (Mitigation is too invasive to backport)
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Dec 2022] DLA-3245-1 linux - security update
+	{CVE-2022-2978 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3564 CVE-2022-3565 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3640 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-4378 CVE-2022-20369 CVE-2022-29901 CVE-2022-40768 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750}
+	[buster] - linux 4.19.269-1
 [20 Dec 2022] DLA-3244-1 linux-5.10 - security update
 	{CVE-2021-3759 CVE-2022-3169 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3564 CVE-2022-3565 CVE-2022-3594 CVE-2022-3628 CVE-2022-3640 CVE-2022-3643 CVE-2022-4139 CVE-2022-4378 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-47518 CVE-2022-47519 CVE-2022-47520 CVE-2022-47521}
 	[buster] - linux-5.10 5.10.158-2~deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cbcf0ca5db58077f858e18977bddf7c17590dad8...cd9da6f72abaac6b96b60ac0984487a6bf1eb337

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cbcf0ca5db58077f858e18977bddf7c17590dad8...cd9da6f72abaac6b96b60ac0984487a6bf1eb337
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221221/eaaa31dd/attachment.htm>
