[Git][security-tracker-team/security-tracker][master] Reserve DLA-2886-1 for slurm-llnl
Sylvain Beucler (@beuc)
beuc at debian.org
Mon Jan 17 17:57:38 GMT 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ac8fd8a by Sylvain Beucler at 2022-01-17T18:57:12+01:00
Reserve DLA-2886-1 for slurm-llnl
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -85074,7 +85074,6 @@ CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer O
{DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974721)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
NOTE: https://www.schedmd.com/news.php?id=240
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
NOTE: https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81
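Review bot: the cross-reference line `{DSA-4841-1}` at the top of this hunk is left unchanged, although dropping the `[stretch] - slurm-llnl <no-dsa>` line means stretch is now covered by the DLA-2886-1 entry added in data/DLA/list. If the brace lines are not regenerated by tooling after the push, add DLA-2886-1 here, and likewise to the brace lines in the CVE-2020-12693 and CVE-2019-12838 hunks.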
@@ -120686,7 +120685,6 @@ CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the
{DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #961406)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
[jessie] - slurm-llnl <not-affected> (Message Aggregation added in 14.11)
NOTE: https://www.schedmd.com/news.php?id=236
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
@@ -175597,7 +175595,6 @@ CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
{DSA-4572-1 DLA-2143-1}
- slurm-llnl 19.05.3.2-1 (bug #931880)
- [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Jan 2022] DLA-2886-1 slurm-llnl - security update
+ {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215}
+ [stretch] - slurm-llnl 16.05.9-1+deb9u5
[17 Jan 2022] DLA-2885-1 qtsvg-opensource-src - security update
{CVE-2021-3481 CVE-2021-45930}
[stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1+deb9u1
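Review bot: CVE-2021-31215 appears in the CVE set of the new DLA-2886-1 entry, but the data/CVE/list hunks in this commit only drop `[stretch]` annotations for CVE-2019-12838, CVE-2020-12693 and CVE-2020-27745. Check the CVE-2021-31215 entry for a leftover stretch annotation (the note removed from data/dla-needed.txt says its triage was still pending on 20220114) and remove it in the same commit if one exists, so the tracker does not show a conflicting stretch status.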
=====================================
data/dla-needed.txt
=====================================
@@ -119,14 +119,6 @@ samba (Utkarsh Gupta)
NOTE: 20211212: Fix is too large, coordination with ELTS-upload
NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
--
-slurm-llnl (Sylvain Beucler)
- NOTE: 20211229: CVE-2019-12838 is marked "Too intrusive to backport" but was
- NOTE: 20211229: backported to jessie in DLA-2143-1.
- NOTE: 20211229: If CVE-2019-12838 gets fixed, then the 4 other "no DSA" CVEs
- NOTE: 20211229: should also be checked. (bunk)
- NOTE: 20220107: backporting patches (Beuc)
- NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage
---
vim (Emilio)
--
zabbix
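Review bot: the removed slurm-llnl entry's 20211229 note says "the 4 other "no DSA" CVEs should also be checked", while DLA-2886-1 lists CVE-2019-12838 plus only three others. Once this entry is gone from dla-needed.txt, the outcome for the remaining CVE is not recorded anywhere in this change; state in its data/CVE/list entry or in the commit message why it stays unfixed in stretch.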
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ac8fd8a29d083404da0eb8f448492c433535eb6