[Git][security-tracker-team/security-tracker][master] 3 commits: Add abcm2ps to dla-needed.txt

Markus Koschany (@apo) apo at debian.org
Sat Mar 19 16:26:23 GMT 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
205885fd by Markus Koschany at 2022-03-19T17:01:07+01:00
Add abcm2ps to dla-needed.txt

- - - - -
3930791d by Markus Koschany at 2022-03-19T17:13:20+01:00
CVE-2022-24599,audiofile: Stretch/no-dsa

Minor issue. Can be fixed later.

- - - - -
a62e04a2 by Markus Koschany at 2022-03-19T17:24:20+01:00
CVE-2022-22909,hoteldruid: Stretch/no-dsa

Minor issue. Requires the privilege to add a new room and can thus be
mitigated.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7290,6 +7290,7 @@ CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory le
 	- audiofile <unfixed>
 	[bullseye] - audiofile <no-dsa> (Minor issue)
 	[buster] - audiofile <no-dsa> (Minor issue)
+	[stretch] - audiofile <no-dsa> (Minor issue)
 	NOTE: https://github.com/mpruett/audiofile/issues/60
 CVE-2022-24598
 	RESERVED
@@ -13137,6 +13138,7 @@ CVE-2022-22909 (HotelDruid v3.0.3 was discovered to contain a remote code execut
 	- hoteldruid <unfixed> (bug #1006750)
 	[bullseye] - hoteldruid <no-dsa> (Minor issue)
 	[buster] - hoteldruid <no-dsa> (Minor issue)
+	[stretch] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://github.com/0z09e/CVE-2022-22909
 CVE-2022-22908 (SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, ...)
 	NOT-FOR-US: Sangfor VDI Client


=====================================
data/dla-needed.txt
=====================================
@@ -12,6 +12,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
+--
+abcm2ps
 --
 ansible
   NOTE: 20210411: As discussed with the maintainer I will update Buster first and



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/95caeff17a0a8179d66c3abc338adee7108e5873...a62e04a225d9ade905c49cb02dbff1b5609e3406

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/95caeff17a0a8179d66c3abc338adee7108e5873...a62e04a225d9ade905c49cb02dbff1b5609e3406
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220319/a327bf03/attachment.htm>

More information about the debian-security-tracker-commits mailing list