[Git][security-tracker-team/security-tracker][master] Reserve DLA-3066-1 for isync

Markus Koschany (@apo) apo at debian.org
Fri Jul 1 13:57:04 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a5b8c51 by Markus Koschany at 2022-07-01T14:56:55+02:00
Reserve DLA-3066-1 for isync

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -65722,7 +65722,6 @@ CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadeq
 	- isync 1.4.4-1
 	[bullseye] - isync 1.3.0-2.2+deb11u1
 	[buster] - isync <no-dsa> (Minor issue)
-	[stretch] - isync <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
 CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
 	{DLA-2843-1 DLA-2785-1}
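Review bot: in the CVE-2021-3657 entry, `[buster] - isync <no-dsa> (Minor issue)` stays in place while the stretch `<no-dsa>` line is dropped, so the older release ends up fixed for this CVE and buster does not. The dla-needed.txt note removed by this same commit gave "Follow buster" as the reason for the work; for this CVE the stretch fix follows bullseye (`1.3.0-2.2+deb11u1`) instead. Worth saying so in the commit message or flagging buster for a follow-up.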
@@ -73717,7 +73716,6 @@ CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.
 CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
 	- isync 1.3.0-2.2 (bug #989564)
 	[buster] - isync 1.3.0-2.2~deb10u1
-	[stretch] - isync <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1
 CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
 	NOT-FOR-US: BDew BdLib library
@@ -109460,7 +109458,6 @@ CVE-2021-20248
 CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of th ...)
 	- isync 1.3.0-2.1 (bug #983351)
 	[buster] - isync 1.3.0-2.2~deb10u1
-	[stretch] - isync <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
 CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker  ...)
 	{DLA-2602-1}
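Review bot: once the `[stretch] - isync <no-dsa> (Minor issue)` line is gone, nothing in the CVE-2021-20247 entry states the stretch status: there is no `{DLA-3066-1}` line, whereas the CVE-2021-20246 entry just below carries `{DLA-2602-1}`. The same holds for the CVE-2021-3657 and CVE-2021-3578 hunks above. Either add the cross-reference here or confirm that it is generated from data/DLA/list, so the CVE entries and the new DLA entry cannot disagree.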


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Jul 2022] DLA-3066-1 isync - security update
+	{CVE-2021-3578 CVE-2021-3657 CVE-2021-20247}
+	[stretch] - isync 1.2.1-2+deb9u1
 [30 Jun 2022] DLA-3065-1 linux - security update
 	{CVE-2018-1108 CVE-2021-4149 CVE-2021-39713 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1198 CVE-2022-1199 CVE-2022-1353 CVE-2022-1516 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-23960 CVE-2022-24958 CVE-2022-26490 CVE-2022-26966 CVE-2022-27223 CVE-2022-28356 CVE-2022-28390 CVE-2022-30594 CVE-2022-32250 CVE-2022-32296 CVE-2022-33981}
 	[stretch] - linux 4.9.320-2
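Review bot: the new entry already records `[stretch] - isync 1.2.1-2+deb9u1` as the fixed version although the commit subject only reserves the DLA number. Because the same commit removes the three stretch `<no-dsa>` lines in data/CVE/list, stretch is tracked as fixed for all three CVEs from this point on, so check that the upload carries exactly this version string and that it addresses each of CVE-2021-3578, CVE-2021-3657 and CVE-2021-20247.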


=====================================
data/dla-needed.txt
=====================================
@@ -105,10 +105,6 @@ intel-microcode
   NOTE: 20220529: Programming language: binary blob.
   NOTE: 20220213: please recheck
 --
-isync (Markus Koschany)
-  NOTE: 20220528: Programming language: C.
-  NOTE: 20220523: Follow buster: harmonize with with Debian 10.10 and possibly 11.2 (3 CVEs) (Beuc/front-desk)
---
 jupyter-notebook
   NOTE: 20220529: Programming language: Python.
   NOTE: 20220528: wrt CVE-2021-32798, caja is bundled (not external), cf. README.source (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a5b8c5107415c3cbbb00f83d5c4a2ffedd7a000
