[Git][security-tracker-team/security-tracker][master] Ignore CVE-2022-21682 and CVE-2021-43860 for flatpak in stretch

Sylvain Beucler (@beuc) beuc at debian.org
Tue Feb 8 12:17:54 GMT 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67f9aaf9 by Sylvain Beucler at 2022-02-08T13:14:07+01:00
Ignore CVE-2022-21682 and CVE-2021-43860 for flatpak in stretch
following secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0
+ no LTS contributor claimed it since it was added

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -15258,6 +15258,7 @@ CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution frame
 	{DSA-5049-1}
 	- flatpak 1.12.3-1
 	[buster] - flatpak <ignored> (Intrusive and risky to backport)
+	[stretch] - flatpak <ignored> (Intrusive and risky to backport)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
 	NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
 	NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
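Review bot: the added `[stretch]` line records only the reason text copied from the `[buster]` line above it, while the commit message bases the decision on the secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0. Consider adding a NOTE under this entry that points to that analysis, so the rationale for ignoring CVE-2022-21682 in stretch can be found from data/CVE/list without reading the commit log.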
@@ -15596,6 +15597,7 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame
 	{DSA-5049-1}
 	- flatpak 1.12.3-1
 	[buster] - flatpak <ignored> (Intrusive and risky to backport)
+	[stretch] - flatpak <ignored> (Intrusive and risky to backport)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
 	NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
 	NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
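Review bot: on the added `[stretch] - flatpak <ignored>` line for CVE-2021-43860, nothing in the entry shows that the stretch version of flatpak was checked and found to contain the affected code; the hunk only lists the fixed version 1.12.3-1 and the buster decision. If that check was done, a short NOTE saying so would help; if the older version turns out not to be affected, `<not-affected>` would describe it more accurately than `<ignored>`.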


=====================================
data/dla-needed.txt
=====================================
@@ -42,9 +42,6 @@ firmware-nonfree (Markus Koschany)
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag
   NOTE: 20211207: Intend to release this week.
 --
-flatpak
-  NOTE: 20220113: upcoming DSA; non-trivial backport (Beuc)
---
 gif2apng (Anton)
   NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc)
   NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc)
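Review bot: dropping the `flatpak` block from data/dla-needed.txt takes the package off the LTS work list, which is only correct if every open flatpak issue in stretch now has a final state. This commit tags CVE-2022-21682 and CVE-2021-43860; please confirm no other flatpak CVE is still unfixed and untagged for stretch before the entry goes.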



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67f9aaf93d2371937c621db4be16651fd6ad7706
