[Git][security-tracker-team/security-tracker][master] Reserve DLA-3049-1 for mailman

Sylvain Beucler (@beuc) beuc at debian.org
Thu Jun 9 11:05:21 BST 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ce13f64 by Sylvain Beucler at 2022-06-09T12:04:59+02:00
Reserve DLA-3049-1 for mailman

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38177,13 +38177,12 @@ CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used t
 CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...)
 	- mailman <removed>
 	[buster] - mailman 1:2.1.29-1+deb10u4
-	[stretch] - mailman <no-dsa> (Minor issue; can be fixed with the next DLA)
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
 	NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt
-	NOTE:        https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882 (2.1.38)
+	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882 (2.1.38)
 	NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
 	NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
-	NOTE:                      https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1884 (2.1.39)
+	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1884 (2.1.39)
 CVE-2021-44226 (Razer Synapse before 3.7.0228.022817 allows privilege escalation becau ...)
 	NOT-FOR-US: Razer Synapse
 CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux kerne ...)
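Review bot: the two re-indented NOTE lines under CVE-2021-44227 (bazaar revisions 1882 and 1884) lose the alignment that marked them as continuations of "Patch:" and "Regression fixed by:", so they now read as unlabelled URLs. Consider repeating the label on each, for example "NOTE: Patch: https://bazaar.launchpad.net/.../revision/1882 (2.1.38)" and "NOTE: Regression fixed by: https://bazaar.launchpad.net/.../revision/1884 (2.1.39)", so the original fix stays distinguishable from the regression fix. This whitespace cleanup is also unrelated to the reservation in the commit subject and would be easier to audit as its own commit.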
@@ -41935,7 +41934,6 @@ CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does
 CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
 	- mailman <removed> (bug #1000367)
 	[buster] - mailman 1:2.1.29-1+deb10u3
-	[stretch] - mailman <no-dsa> (Minor issue)
 	NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
 	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1876 (2.1.36)
@@ -41943,7 +41941,6 @@ CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb
 CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...)
 	- mailman <removed> (bug #1000367)
 	[buster] - mailman 1:2.1.29-1+deb10u3
-	[stretch] - mailman <no-dsa> (Minor issue)
 	NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1949401
 	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1875 (2.1.36)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Jun 2022] DLA-3049-1 mailman - security update
+	{CVE-2021-43331 CVE-2021-43332 CVE-2021-44227}
+	[stretch] - mailman 1:2.1.23-1+deb9u8
 [09 Jun 2022] DLA-3048-1 python-bottle - security update
 	{CVE-2022-31799}
 	[stretch] - python-bottle 0.12.13-1+deb9u2
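Review bot: the new DLA-3049-1 entry lists CVE-2021-44227, whose notes in data/CVE/list record a regression (bug 1954694) fixed separately in revision 1884. It is worth confirming that 1:2.1.23-1+deb9u8 carries that regression fix as well as the original patch, since the dla-needed.txt entry removed in this commit called for "3 CVEs, regression fixes" and the entry here records only the CVE ids.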


=====================================
data/dla-needed.txt
=====================================
@@ -147,10 +147,6 @@ linux (Ben Hutchings)
 linux-4.19 (Ben Hutchings)
   NOTE: 20220529: Programming language: C.
 --
-mailman (Sylvain Beucler)
-  NOTE: 20220529: Programming language: C.
-  NOTE: 20220523: Follow buster: harmonize with with Debian 10.12 (3 CVEs, regression fixes) (Beuc/front-desk)
---
 manila
   NOTE: 20220529: Programming language: Python.
   NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ce13f64bfce535510878f8a0b726df3206ddca0
