[Git][security-tracker-team/security-tracker][master] Reserve DSA number for gerbv update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 27 13:58:51 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
435588ce by Salvatore Bonaccorso at 2022-12-27T14:58:21+01:00
Reserve DSA number for gerbv update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -98626,7 +98626,6 @@ CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.c
CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
{DLA-3210-1}
- gerbv 2.9.2-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
NOTE: https://github.com/gerbv/gerbv/issues/82
NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/c32c6f9c0b5d3b0ecc33de21d8532de6c2df5878 (v2.9.1-rc.1)
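Review bot: once the `[bullseye] - gerbv <no-dsa> (Minor issue)` line is removed, the CVE-2021-40403 entry still carries only `{DLA-3210-1}`, and nothing in this hunk points at DSA-5306-1. If the `{DSA-5306-1}` cross-reference is not generated automatically from data/DSA/list, add it here so the entry shows why the bullseye triage changed.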
@@ -98660,7 +98659,6 @@ CVE-2021-40395
REJECTED
CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
- gerbv 2.8.1-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
[buster] - gerbv <no-dsa> (Minor issue)
[stretch] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405
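Review bot: the removal drops only the `[bullseye]` triage line for CVE-2021-40394 and leaves `[buster]` and `[stretch]` at `<no-dsa> (Minor issue)`, for an out-of-bounds write that now gets a DSA in bullseye. Confirm that the older suites are meant to keep that rating, or record the reason in a NOTE line. CVE-2021-40393 in the next hunk shows the same pattern.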
@@ -98668,7 +98666,6 @@ CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X apert
NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1)
CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
- gerbv 2.8.2-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
[buster] - gerbv <no-dsa> (Minor issue)
[stretch] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Dec 2022] DSA-5306-1 gerbv - security update
+ {CVE-2021-40393 CVE-2021-40394 CVE-2021-40401 CVE-2021-40403}
+ [bullseye] - gerbv 2.7.0-2+deb11u2
[21 Dec 2022] DSA-5305-1 libksba - security update
{CVE-2022-47629}
[bullseye] - libksba 1.5.0-3+deb11u2
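Review bot: CVE-2021-40401 appears in the brace list of the new DSA-5306-1 entry, but the data/CVE/list hunks in this commit only touch CVE-2021-40393, CVE-2021-40394 and CVE-2021-40403. Check that the CVE-2021-40401 entry has no leftover `[bullseye] - gerbv <no-dsa>` line that would contradict the `2.7.0-2+deb11u2` fix recorded here.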
=====================================
data/dsa-needed.txt
=====================================
@@ -17,9 +17,6 @@ curl
--
frr
--
-gerbv (carnil)
- Aron proposed debdiff for review
---
lava
--
linux (carnil)
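Review bot: the removed lines take gerbv off the pending list together with the note `Aron proposed debdiff for review`, while the commit message only says that a DSA number is reserved. A short mention in the commit message that the debdiff was reviewed and the package is no longer pending would make this removal traceable from the log alone.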
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/435588ce023492b08926739fcc7930819f28d616