[Git][security-tracker-team/security-tracker][master] xen, mat2 DSAs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
334895fd by Moritz Mühlenhoff at 2022-07-15T19:39:34+02:00
xen, mat2 DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5560,18 +5560,21 @@ CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While
 CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	- linux <unfixed>
 	- xen <unfixed>
+	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
 CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	- linux <unfixed>
 	- xen <unfixed>
+	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
 CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	- linux <unfixed>
 	- xen <unfixed>
+	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
@@ -26326,6 +26329,7 @@ CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanit
 CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	- linux <unfixed>
 	- xen <unfixed>
+	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-403.html


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,10 @@
+[15 Jul 2022] DSA-5185-1 mat2 - security update
+	{CVE-2022-35410}
+	[buster] - mat2 0.8.0-3+deb10u1
+	[bullseye] - mat2 0.12.1-2+deb11u1
+[15 Jul 2022] DSA-5184-1 xen - security update
+	{CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900}
+	[bullseye] - xen 4.14.5+24-g87d90d511c-1
 [15 Jul 2022] DSA-5183-1 wpewebkit - security update
 	{CVE-2022-22677 CVE-2022-26710}
 	[bullseye] - wpewebkit 2.36.4-1~deb11u1


=====================================
data/dsa-needed.txt
=====================================
@@ -34,9 +34,6 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
-mat2
-  Maintainer is going to prepare updates
---
 ndpi/oldstable
 --
 netatalk
@@ -69,7 +66,5 @@ unzip
   unclear information, initial report indicates writable memory corruption, but
   some identified patch is just for a NULL deref, needs more clarification
 --
-xen (jmm)
---
 xorg-server
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/334895fdf2ce86f674b001f0cdcaa0e36736f75f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/334895fdf2ce86f674b001f0cdcaa0e36736f75f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220715/bbaa6d11/attachment-0001.htm>