[Git][security-tracker-team/security-tracker][master] 9 commits: add zsh

Mon Feb 14 00:58:57 GMT 2022


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
851b7685 by Thorsten Alteholz at 2022-02-14T01:58:33+01:00
add zsh

- - - - -
3b5d32ea by Thorsten Alteholz at 2022-02-14T01:58:33+01:00
mark CVE-2022-24976 as postponed for Stretch

- - - - -
e3d03ba5 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
update note

- - - - -
28778f86 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add intel-microcode

- - - - -
e810200b by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
mark CVE-2022-0497 and CVE-2022-0496 as no-dsa for Stretch

- - - - -
ffc9aa43 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add h2database

- - - - -
c9703061 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add libxstream-java

- - - - -
81199839 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
mark CVE-2022-23437 as postponed for Stretch

- - - - -
23ffd3fb by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add htmldoc

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14,6 +14,7 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with
 	- atheme-services <unfixed>
 	[bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
 	[buster] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
+	[stretch] - atheme-services <postponed> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
 	NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
 CVE-2022-0577
@@ -1374,10 +1375,12 @@ CVE-2022-0498
 CVE-2022-0497
 	RESERVED
 	- openscad 2021.01-4 (bug #1005641)
+	[stretch] - openscad <no-dsa> (Minor issue)
 	NOTE: https://github.com/openscad/openscad/issues/4043
 CVE-2022-0496
 	RESERVED
 	- openscad 2021.01-4 (bug #1005641)
+	[stretch] - openscad <no-dsa> (Minor issue)
 	NOTE: https://github.com/openscad/openscad/issues/4037
 CVE-2022-0495
 	RESERVED
@@ -4725,6 +4728,7 @@ CVE-2022-23438
 	RESERVED
 CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
 	- libxerces2-java <unfixed>
+	[stretch] - libxerces2-java <postponed> (revisit when/if fix is complete)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
 CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
 	{DSA-5054-1}


=====================================
data/dla-needed.txt
=====================================
@@ -41,13 +41,21 @@ gpac
   NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto)
   NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto)
 --
+h2database
+--
+htmldoc (Thorsten Alteholz)
+--
+intel-microcode
+  NOTE: 20220213: please recheck
+--
 libarchive (Thorsten Alteholz)
-  NOTE: 20220116: waiting for upload in higher releases
-  NOTE: 20220130: new CVEs arrived
+  NOTE: 20220213: testing package
 --
 libgit2 (Utkarsh)
   NOTE: 20220208: got clearance. will upload this week. (utkarsh)
 --
+libxstream-java
+--
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
@@ -82,3 +90,5 @@ ujson (Anton)
 --
 vim (Markus Koschany)
 --
+zsh
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d295402a5226ae389b85be31d1c63bd77561ec1...23ffd3fb79b62d32e02be0446610c24b673fa274

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d295402a5226ae389b85be31d1c63bd77561ec1...23ffd3fb79b62d32e02be0446610c24b673fa274
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220214/df60dfbe/attachment-0001.htm>
