[Git][security-tracker-team/security-tracker][master] 3 commits: Marked CVE-2022-23514 and CVE-2022-23516 as no-dsa for buster.

Sat Dec 31 14:01:16 GMT 2022


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eaa7ac3f by Ola Lundqvist at 2022-12-31T14:59:56+01:00
Marked CVE-2022-23514 and CVE-2022-23516 as no-dsa for buster.

- - - - -
6b93acdc by Ola Lundqvist at 2022-12-31T15:00:19+01:00
LTS: add ruby-loofah to dla-needed.txt

- - - - -
aaef304f by Ola Lundqvist at 2022-12-31T15:00:50+01:00
LTS: add ruby-rails-html-sanitizer to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -74768,12 +74768,14 @@ CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragment
 	NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
 CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	- ruby-loofah 2.19.1-1 (bug #1026083)
+	[buster] - ruby-loofah <no-dsa> (Minor issue)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
 CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	- ruby-loofah 2.19.1-1 (bug #1026083)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
 CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	- ruby-loofah 2.19.1-1 (bug #1026083)
+	[buster] - ruby-loofah <no-dsa> (Minor issue)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
 CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...)
 	NOT-FOR-US: Pi-Hole


=====================================
data/dla-needed.txt
=====================================
@@ -270,6 +270,13 @@ rainloop
 ring
   NOTE: 20221120: Programming language: C.
 --
+ruby-loofah
+  NOTE: 20221231: Programming language: Ruby.
+--
+ruby-rails-html-sanitizer
+  NOTE: 20221231: Programming language: Ruby.
+  NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
+--
 runc
   NOTE: 20220905: Programming language: Go.
   NOTE: 20220905: Special attention: Sync with Bullseye.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57fcc46b76de022fe15f97a00c6ec7c61c971cb5...aaef304f68c7725031fb3b94e2c8643982ba2554

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57fcc46b76de022fe15f97a00c6ec7c61c971cb5...aaef304f68c7725031fb3b94e2c8643982ba2554
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221231/b039d850/attachment-0001.htm>
