[Git][security-tracker-team/security-tracker][master] 5 commits: lts: add redis

Tue Mar 8 10:21:40 GMT 2022


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8eb34f2 by Emilio Pozuelo Monfort at 2022-03-08T11:19:32+01:00
lts: add redis

- - - - -
9ffebca4 by Emilio Pozuelo Monfort at 2022-03-08T11:19:33+01:00
lts: CVE-2021-3596/imagemagick postponed for stretch

- - - - -
dc55b9ae by Emilio Pozuelo Monfort at 2022-03-08T11:19:35+01:00
CVE-2022-0711/haproxy n/a on buster & stretch

- - - - -
76b4cc77 by Emilio Pozuelo Monfort at 2022-03-08T11:19:36+01:00
CVE-2022-24303/pillow n/a on buster and stretch

In those versions, the filenames are quoted before being passed to
the shell.

- - - - -
88494620 by Emilio Pozuelo Monfort at 2022-03-08T11:19:36+01:00
lts: add twisted

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2708,6 +2708,8 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
 	NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
 CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses containin ...)
 	- haproxy <unfixed>
+	[buster] - haproxy <not-affected> (Vulnerable code introduced later)
+	[stretch] - haproxy <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053666
 	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 (v2.6-dev2)
 CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vu ...)
@@ -6241,7 +6243,8 @@ CVE-2022-24303
 	RESERVED
 	- pillow 9.0.1-1
 	[bullseye] - pillow <ignored> (Minor issue)
-	[buster] - pillow <ignored> (Minor issue)
+	[buster] - pillow <not-affected> (Vulnerable code introduced later)
+	[stretch] - pillow <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
 	NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
@@ -47280,6 +47283,7 @@ CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerabilit
 	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in versions p ...)
 	- imagemagick 8:6.9.11.57+dfsg-1
+	[stretch] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b


=====================================
data/dla-needed.txt
=====================================
@@ -67,6 +67,8 @@ pjproject (Abhijith PA)
   NOTE: 20220215: Asterisk and ring have embedded copy of pjproject (abhijith)
   NOTE: 20220302: uploading asterisk, ring and pjproject in one go (abhijith)
 --
+redis
+--
 ring (Abhijith PA)
 --
 samba
@@ -75,6 +77,8 @@ samba
   NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
   NOTE: 20220125: ftbfs, wip. (utkarsh)
 --
+twisted
+--
 vim (Markus)
 --
 wireshark (Markus Koschany)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7bada13ac6b14bbf64cd7e50080d3e3d39d81a76...88494620eeea2f10852bc59e5eb2730fee607c19

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7bada13ac6b14bbf64cd7e50080d3e3d39d81a76...88494620eeea2f10852bc59e5eb2730fee607c19
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220308/7af04fe3/attachment-0001.htm>
