[Git][security-tracker-team/security-tracker][master] Reserve DLA-2910-1 for ldns.

Thu Feb 3 23:03:12 GMT 2022


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3762710 by Chris Lamb at 2022-02-03T15:02:40-08:00
Reserve DLA-2910-1 for ldns.

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -271964,7 +271964,6 @@ CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Direc
 	- i-librarian <itp> (bug #649291)
 CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecifi ...)
 	- ldns 1.7.0-4 (bug #882014)
-	[stretch] - ldns <no-dsa> (Minor issue)
 	[jessie] - ldns <no-dsa> (Minor issue)
 	[wheezy] - ldns <not-affected> (Vulnerable code not present)
 	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
@@ -271972,7 +271971,6 @@ CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have u
 CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified  ...)
 	{DLA-1182-1}
 	- ldns 1.7.0-4 (bug #882015)
-	[stretch] - ldns <no-dsa> (Minor issue)
 	[jessie] - ldns <no-dsa> (Minor issue)
 	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
 	NOTE: https://github.com/NLnetLabs/ldns/commit/c8391790c96d4c8a2c10f9ab1460fda83b509fc2


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Feb 2022] DLA-2910-1 ldns - security update
+	{CVE-2017-1000231 CVE-2017-1000232 CVE-2020-19860 CVE-2020-19861}
+	[stretch] - ldns 1.7.0-1+deb9u1
 [03 Feb 2022] DLA-2909-1 strongswan - security update
 	{CVE-2021-45079}
 	[stretch] - strongswan 5.5.1-4+deb9u6


=====================================
data/dla-needed.txt
=====================================
@@ -55,9 +55,6 @@ gpac (Roberto C. Sánchez)
 guacamole-client (Markus Koschany)
   NOTE: 20220114: package unmaintained AFAICS and only present in stretch (Beuc)
 --
-ldns (Chris Lamb)
-  NOTE: 20220203: 4 minor CVEs to fix (Beuc)
---
 libarchive (Thorsten Alteholz)
   NOTE: 20220116: waiting for upload in higher releases
   NOTE: 20220130: new CVEs arrived



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3762710ac2f64d49c2d7667f1d01531bcfe63eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3762710ac2f64d49c2d7667f1d01531bcfe63eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220203/45842b2e/attachment-0001.htm>
