[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags for avahi/Stretch.

Markus Koschany (@apo) apo at debian.org
Tue Jun 7 19:01:59 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e917513e by Markus Koschany at 2022-06-07T20:00:44+02:00
Remove no-dsa tags for avahi/Stretch.

- - - - -
889550ad by Markus Koschany at 2022-06-07T20:01:49+02:00
Reserve DLA-3047-1 for avahi

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -79481,7 +79481,6 @@ CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event us
 	- avahi <unfixed> (bug #984938)
 	[bullseye] - avahi <no-dsa> (Minor issue)
 	[buster] - avahi <no-dsa> (Minor issue)
-	[stretch] - avahi <postponed> (Minor issue; can be fixed in next DLA)
 	NOTE: https://github.com/lathiat/avahi/pull/330
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
 CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured with the ...)
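Review bot: The line removed under CVE-2021-3468 carries `<postponed>`, not `<no-dsa>`, so the commit subject "Remove no-dsa tags for avahi/Stretch" does not match what is deleted here; the `<no-dsa>` lines for bullseye and buster are left in place. Consider wording the subject as removing the postponed tags. After this hunk the entry has no `[stretch]` line at all, so the stretch status of this CVE depends entirely on the DLA-3047-1 entry in data/DLA/list arriving in the same push.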
@@ -85657,7 +85656,6 @@ CVE-2021-26721
 CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...)
 	- avahi 0.8-4
 	[buster] - avahi 0.7-4+deb10u1
-	[stretch] - avahi <postponed> (fix in next DLA - removal of .sh script)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2
 	NOTE: Fixed by removing the avahi-daemon-check-dns.sh script.
 CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...)
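Review bot: Dropping the `[stretch]` line for CVE-2021-26720 removes the only stretch-specific statement of how the issue is handled ("removal of .sh script"). The remaining NOTE says the fix is the removal of avahi-daemon-check-dns.sh, so it is worth confirming that the stretch upload named in data/DLA/list (0.6.32-2+deb9u1) drops that script rather than patching it, and saying so in the DLA text.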


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Jun 2022] DLA-3047-1 avahi - security update
+	{CVE-2021-3468 CVE-2021-26720}
+	[stretch] - avahi 0.6.32-2+deb9u1
 [07 Jun 2022] DLA-3046-1 librecad - security update
 	{CVE-2021-21897}
 	[stretch] - librecad 2.1.2-1+deb9u4
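Review bot: The new DLA-3047-1 entry lists CVE-2021-3468 as fixed in stretch, while the context lines in data/CVE/list still show that CVE as `<unfixed>` in unstable and `<no-dsa>` for bullseye and buster. That leaves stretch ahead of the newer suites for this issue; a NOTE on the CVE entry saying which patch the stretch upload carries, or a follow-up for buster and bullseye, would make the resulting state easier to audit.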


=====================================
data/dla-needed.txt
=====================================
@@ -21,10 +21,6 @@ rather than remove/replace existing ones.
 amd64-microcode
   NOTE: 20220529: Programming language: binary blob.
 --
-avahi (Markus Koschany)
-  NOTE: 20220529: Programming language: C.
-  NOTE: 20220523: Follow buster: harmonize with with Debian 10.9 (1 Debian-specific CVE) (Beuc/front-desk)
---
 blender (Thorsten Alteholz)
   NOTE: 20220529: Programming language: C++.
   NOTE: 20220528: 3 CVEs now fixed in unstable, but maintainer never was approached to fix in stable/oldstable,



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dd26603c99ddadc62722bdb7d44ee9da1ef0cdbe...889550ad1c50488a5109b20cbdbfae7b70406ef9
