[Git][security-tracker-team/security-tracker][master] 2 commits: Added curl to dla-needed since it is in DSA needed and at least one...

Ola Lundqvist (@opal) opal at debian.org
Mon Jul 11 23:20:42 BST 2022 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35e96a7a by Ola Lundqvist at 2022-07-12T00:10:36+02:00
Added curl to dla-needed since it is in DSA needed and at least one vulnerability applies to buster as well.

- - - - -
587dc5e1 by Ola Lundqvist at 2022-07-12T00:18:32+02:00
Concluded that CVE-2022-24793 is not vulnerable in buster since the vulnerable code does not exist. The file is not even present.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -30153,6 +30153,7 @@ CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing
 CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-3036-1}
 	- asterisk <unfixed>
+	[buster] - asterisk <not-affected> (Vulnerable code not present)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>


=====================================
data/dla-needed.txt
=====================================
@@ -12,6 +12,9 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
+--
+curl
+  NOTE: 20220712: Have not checked whether all CVEs are appliable or not (ola) 
 --
 linux (Ben Hutchings)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/22d9f630a6c2f2a80db5b748c40aea24d931cac3...587dc5e1d376b0b6c98ed4c616d69b4becef69ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/22d9f630a6c2f2a80db5b748c40aea24d931cac3...587dc5e1d376b0b6c98ed4c616d69b4becef69ba
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220711/ead38f25/attachment.htm>

More information about the debian-security-tracker-commits mailing list