[Git][security-tracker-team/security-tracker][master] 4 commits: LTS: remove condor from dla-needed

Anton Gladky (@gladk) gladk at debian.org
Thu Jan 13 20:47:54 GMT 2022



Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c2e56eb by Anton Gladky at 2022-01-13T21:45:09+01:00
LTS: remove condor from dla-needed

- - - - -
5c9a0629 by Anton Gladky at 2022-01-13T21:45:12+01:00
Mark CVE-2021-45101 ignored for stretch

- - - - -
f47843c7 by Anton Gladky at 2022-01-13T21:45:15+01:00
Mark CVE-2022-22707 as not-affected for stretch

- - - - -
47b68720 by Anton Gladky at 2022-01-13T21:45:15+01:00
LTS: take lighttpd

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1653,6 +1653,7 @@ CVE-2022-22708
 CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
 	{DSA-5040-1}
 	- lighttpd <unfixed>
+	[stretch] - lighttpd <not-affected> (Vulnerable code not present; the issue was introduced in later versions)
 	NOTE: https://redmine.lighttpd.net/issues/3134
 	NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
 CVE-2022-22706
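Review bot: On the added `[stretch] - lighttpd <not-affected>` line, the reason says the issue "was introduced in later versions" but names no version to check that against. The CVE description two lines above gives the affected range as 1.4.46 through 1.4.63, so stating that lower bound, together with the version stretch ships, in the parenthesised reason would make the claim verifiable from this entry alone.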
@@ -6236,6 +6237,7 @@ CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
 CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
 	- condor <unfixed> (bug #1002540)
+	[stretch] - condor <ignored> (Patch is too destructive to backport it; Patch does not apply cleanly. Too many calls in patch, not existed in this version of the software)
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
 	NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14)
 CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
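Review bot: The reason on the added `[stretch] - condor <ignored>` line is hard to parse and repeats itself ("too destructive to backport it", "does not apply cleanly", "not existed in this version of the software"). A single statement such as "(Patch too intrusive to backport; it relies on calls that do not exist in this version)" would carry the same justification. Because `<ignored>` leaves stretch unfixed while bug #1002540 stays open, the wording is worth getting precise.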


=====================================
data/dla-needed.txt
=====================================
@@ -25,12 +25,6 @@ apng2gif
   NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie
   NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk)
 --
-condor (Anton)
-  NOTE: 20211216: full details embargoed
-  NOTE: 20211227: the fix is out and now available; cf:
-  NOTE: 20211227: https://github.com/htcondor/htcondor/commit/8b311dee. (utkarsh)
-  NOTE: 20220109: Prepare for upload (Anton)
---
 debian-archive-keyring
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
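Review bot: The removed condor entry ends with "20220109: Prepare for upload (Anton)", so dropping it four days later reads as a reversal, and nothing in this hunk or in the commit subject "LTS: remove condor from dla-needed" says why. The removed notes point at commit 8b311dee, the same one referenced under CVE-2021-45101 in data/CVE/list, so mentioning in the commit message that the CVE is now marked ignored for stretch would let someone reading the dla-needed.txt history follow the decision.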
@@ -77,8 +71,9 @@ libraw (Abhijith PA)
   NOTE: 20211227: 7 CVEs that were fixed for jessie in  DLA-1734-1 are unfixed
   NOTE: 20211227: in stretch, plenty other unfixed CVEs (bunk)
 --
-lighttpd
+lighttpd (Anton)
   NOTE: 20220111: a DSA is planned (Beuc)
+  NOTE: 20220113: version in stretch is not affected by CVE-2022-22707 (Anton)
 --
 linux (Ben Hutchings)
 --
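Review bot: In the lighttpd entry, the new "20220113: version in stretch is not affected by CVE-2022-22707" note sits next to the existing "a DSA is planned" note and the package is now claimed, but nothing says what work remains for stretch. If CVE-2022-22707 was the only reason for the entry, it could be removed instead of taken; otherwise, a NOTE listing the issues still open would make the claim clear to other LTS contributors.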



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/78283c8aefc27afb91e3dd38fa82af699ae4b6bc...47b68720d7b032aeeec361d93a9526f251bef190
