[Git][security-tracker-team/security-tracker][master] 3 commits: add openjdk-8

[Thorsten Alteholz (@alteholz)]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35e0ffe6 by Thorsten Alteholz at 2022-01-20T16:18:36+01:00
add openjdk-8

- - - - -
dcfaf2bc by Thorsten Alteholz at 2022-01-20T16:20:46+01:00
add nss

- - - - -
4f3dcb43 by Thorsten Alteholz at 2022-01-20T16:25:42+01:00
follow sec team and mark some CVEs of glibc as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1579,11 +1579,13 @@ CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc
 	- glibc 2.33-3
 	[bullseye] - glibc <no-dsa> (Minor issue)
 	[buster] - glibc <no-dsa> (Minor issue)
+	[stretch] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542
 CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...)
 	- glibc 2.33-3
 	[bullseye] - glibc <no-dsa> (Minor issue)
 	[buster] - glibc <no-dsa> (Minor issue)
+	[stretch] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768
 CVE-2022-23217
 	RESERVED
@@ -11160,12 +11162,14 @@ CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()]
 	- glibc <unfixed>
 	[bullseye] - glibc <no-dsa> (Minor issue)
 	[buster] - glibc <no-dsa> (Minor issue)
+	[stretch] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769
 CVE-2021-3998 [Unexpected return value from realpath() for too long results]
 	RESERVED
 	- glibc <unfixed>
 	[bullseye] - glibc <no-dsa> (Minor issue)
 	[buster] - glibc <no-dsa> (Minor issue)
+	[stretch] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770
 	NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/
 CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]


=====================================
data/dla-needed.txt
=====================================
@@ -90,6 +90,11 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
+nss
+  NOTE: 20220120: no public information yet
+--
+openjdk-8 (Emilio)
+--
 pgbouncer (Christoph Berg)
   NOTE: 20220104: maintainer might want to upload fixed version
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f50403b7c75ece8064cfea5f8cc95e5d94fd845e...4f3dcb43ea85a8c9937a3da0a23a8b098962b962

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f50403b7c75ece8064cfea5f8cc95e5d94fd845e...4f3dcb43ea85a8c9937a3da0a23a8b098962b962
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220120/a8e6ec8a/attachment-0001.htm>