[Git][security-tracker-team/security-tracker][master] Track pending logrotate update via upcoming point release

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 1 15:10:13 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d06fde9 by Salvatore Bonaccorso at 2022-07-01T16:07:51+02:00
Track pending logrotate update via upcoming point release

- - - - -


3 changed files:

- data/CVE/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -15352,6 +15352,7 @@ CVE-2022-1349 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a co
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1348 (A vulnerability was found in logrotate in how the state file is create ...)
 	- logrotate 3.20.1-1 (bug #1011644)
+	[bullseye] - logrotate <no-dsa> (Minor issue; pending via next point release)
 	[buster] - logrotate <not-affected> (Vulnerable code introduced later)
 	[stretch] - logrotate <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/25/3


=====================================
data/dsa-needed.txt
=====================================
@@ -34,8 +34,6 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
-logrotate
---
 ndpi/oldstable
 --
 netatalk


=====================================
data/next-point-update.txt
=====================================
@@ -164,3 +164,5 @@ CVE-2022-32296
 	[bullseye] - linux 5.10.127-1
 CVE-2022-32981
 	[bullseye] - linux 5.10.127-1
+CVE-2022-1348
+	[bullseye] - logrotate 3.18.0-2+deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d06fde9e733891e4f9da83df7efc79dcf224e3c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d06fde9e733891e4f9da83df7efc79dcf224e3c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220701/1543a98a/attachment.htm>

More information about the debian-security-tracker-commits mailing list