[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2021-45960,expat: Remove no-dsa tag for Stretch
Markus Koschany (@apo)
apo at debian.org
Sun Jan 30 21:00:13 GMT 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6ca95ac by Markus Koschany at 2022-01-30T21:57:29+01:00
CVE-2021-45960,expat: Remove no-dsa tag for Stretch
- - - - -
99ecc09a by Markus Koschany at 2022-01-30T21:58:50+01:00
Claim apache-log4j1.2, guacamole-client and wpa in dla-needed.txt
- - - - -
27ce04a9 by Markus Koschany at 2022-01-30T22:00:03+01:00
Reserve DLA-2904-1 for expat
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6614,7 +6614,6 @@ CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or mor
- expat 2.4.3-1 (bug #1002994)
[bullseye] - expat <no-dsa> (Minor issue; can be fixed via point release)
[buster] - expat <no-dsa> (Minor issue; can be fixed via point release)
- [stretch] - expat <no-dsa> (Minor issue)
NOTE: https://github.com/libexpat/libexpat/issues/531
NOTE: https://github.com/libexpat/libexpat/pull/534
CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...)
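Review bot: only the `[stretch] - expat <no-dsa> (Minor issue)` line under CVE-2021-45960 is removed, yet the DLA-2904-1 entry added in data/DLA/list names ten CVEs for stretch. Check whether any of the other nine (CVE-2021-46143 through CVE-2022-23990) still carries a stretch no-dsa tag, and remove those in the same commit so the two files agree.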
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2022] DLA-2904-1 expat - security update
+ {CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990}
+ [stretch] - expat 2.2.0-2+deb9u4
[29 Jan 2022] DLA-2903-1 libraw - security update
{CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365}
[stretch] - libraw 0.17.2-6+deb9u2
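Review bot: the `[stretch] - expat 2.2.0-2+deb9u4` line records a fixed version while the commit message only says the DLA is being reserved. Confirm that 2.2.0-2+deb9u4 is the version actually uploaded and that its changelog covers all ten CVEs listed in the braces before the advisory goes out.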
=====================================
data/dla-needed.txt
=====================================
@@ -18,7 +18,7 @@ ansible
NOTE: 20210411: after that LTS. (apo)
NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
-apache-log4j1.2
+apache-log4j1.2 (Markus Koschany)
--
apache2 (Anton)
NOTE: 20220109: WIP https://salsa.debian.org/lts-team/packages/apache2 (Anton)
@@ -37,8 +37,6 @@ debian-archive-keyring
NOTE: 20211018: Jonathan is prepping the branch; will work
NOTE: 20211018: with him and upload and publish the DLA. (utkarsh)
--
-expat (Markus Koschany)
---
firmware-nonfree
NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag
@@ -56,7 +54,7 @@ gpac (Roberto C. Sánchez)
NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto)
NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto)
--
-guacamole-client
+guacamole-client (Markus Koschany)
NOTE: 20220114: package unmaintained AFAICS and only present in stretch (Beuc)
--
libarchive (Thorsten Alteholz)
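Review bot: `guacamole-client (Markus Koschany)` is claimed directly above a note saying the package is unmaintained and only present in stretch, with nothing recording what the claim intends. Add a dated NOTE with your handle stating the plan (backport the fixes or propose marking the package unsupported), as the gpac and ansible entries do for their status.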
@@ -93,7 +91,7 @@ ujson (Anton)
--
vim (Emilio)
--
-wpa
+wpa (Markus Koschany)
NOTE: 20220124: CVE-2018-9495 has been applied
--
zabbix (Sylvain Beucler)
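Review bot: the claim on `wpa` sits above `NOTE: 20220124: CVE-2018-9495 has been applied`, which carries no author handle, so it is unclear whose partial work is being picked up and what remains. Add a dated, signed NOTE listing the outstanding CVEs or pointing to the work-in-progress branch, in the style of the apache2 entry.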
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b663d5723c0cfd7a64fd47a33e78aa15cdb087d5...27ce04a95a8a22ee9fd206b18c1c1f8986728bec