[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags of cyrus-imapd/stretch

Sun Jun 19 23:31:00 BST 2022


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
088ac34e by Markus Koschany at 2022-06-20T00:14:36+02:00
Remove no-dsa tags of cyrus-imapd/stretch

- - - - -
a3261ec2 by Markus Koschany at 2022-06-20T00:29:37+02:00
Reserve DLA-3052-1 cyrus-imapd

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -71561,7 +71561,6 @@ CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denia
 	- cyrus-imapd 3.4.2-1 (bug #993433)
 	[bullseye] - cyrus-imapd 3.2.6-2+deb11u1
 	[buster] - cyrus-imapd 3.0.8-6+deb10u6
-	[stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
 	- cyrus-imapd-2.4 <removed>
 	NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
 	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master)
@@ -186580,7 +186579,6 @@ CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web
 CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege  ...)
 	- cyrus-imapd 3.0.12-1
 	[buster] - cyrus-imapd 3.0.8-6+deb10u3
-	[stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/e675bf7b0e9c6e160516d274bffaec6f9dccaef7 (cyrus-imapd-3.0.12)
 	NOTE: Fixed in 3.0.12 and 2.5.14 upstream
 CVE-2019-18927


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Jun 2022] DLA-3052-1 cyrus-imapd - security update
+	{CVE-2019-18928 CVE-2021-33582}
+	[stretch] - cyrus-imapd 2.5.10-3+deb9u3
 [15 Jun 2022] DLA-3051-1 tzdata - new timezone database
 	[stretch] - tzdata 2021a-0+deb9u4
 [10 Jun 2022] DLA-3050-1 vlc - security update


=====================================
data/dla-needed.txt
=====================================
@@ -52,10 +52,6 @@ curl (Emilio)
   NOTE: 20220615: made some progress on the test regressions, some are due to flaky tests apparently,
   NOTE: 20220615: but at least one seems to be caused by one of the fixes (pochu)
 --
-cyrus-imapd (Markus Koschany)
-  NOTE: 20220529: Programming language: C.
-  NOTE: 20220523: Follow buster: harmonize with with DSA-4590-1 and Debian 10.11 (2 CVEs) (Beuc/front-desk)
---
 exempi
   NOTE: 20220529: Programming language: C++.
   NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d2d71dbc632f680f2ee92645fe40e0468923cc0...a3261ec2ad446d890223e6c115ed971f2a49d08a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d2d71dbc632f680f2ee92645fe40e0468923cc0...a3261ec2ad446d890223e6c115ed971f2a49d08a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220619/9fd0b3b3/attachment-0001.htm>
