[Git][security-tracker-team/security-tracker][master] Claim composer, libpgjava, smarty3 and twig and recheck
Markus Koschany (@apo)
apo at debian.org
Mon May 2 20:17:57 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c59ad904 by Markus Koschany at 2022-05-02T21:16:17+02:00
Claim composer, libpgjava, smarty3 and twig and recheck
if these packages are actually affected.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -38,7 +38,7 @@ cgal
ckeditor (Sylvain Beucler)
NOTE: 20220402: multiple pendings vulnerabilities (Beuc)
--
-composer:
+composer: (Markus Koschany)
NOTE: 20220424: programming language PHP
NOTE: 20220424: check whether really affected (Anton)
--
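Review bot: The added line `composer: (Markus Koschany)` keeps the colon after the package name that the removed line `composer:` already had, whereas the other entries visible here, such as `ckeditor (Sylvain Beucler)` and `tiff (Utkarsh)`, have none. Since the line is being touched anyway, consider writing it as `composer (Markus Koschany)` so the entry matches the rest of the list.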
@@ -84,7 +84,7 @@ liblouis (Andreas Rönnquist)
NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too.
--
-libpgjava
+libpgjava (Markus Koschany)
--
libvirt (Thorsten Alteholz)
NOTE: 20220423: wait for upload in newer releases, dependency loop seems to be resolved now
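Review bot: The `libpgjava (Markus Koschany)` entry is claimed without any NOTE line, so the intent given in the commit message (recheck whether the package is actually affected) is not recorded in data/dla-needed.txt itself. Consider adding a dated NOTE in the form the composer entry already uses, `NOTE: 20220424: check whether really affected (Anton)`. The same applies to the smarty3 claim in the next hunk.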
@@ -145,7 +145,7 @@ samba
NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
NOTE: 20220125: ftbfs, wip. (utkarsh)
--
-smarty3
+smarty3 (Markus Koschany)
--
snapd
NOTE: 20220308: seems vulnerable at least to setup_private_mount,
@@ -166,7 +166,7 @@ tiff (Utkarsh)
NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh)
NOTE: 20220419: new CVE reported; waiting to see if there are more. (utkarsh)
--
-twig
+twig (Markus Koschany)
NOTE: 20220402: cf. DSA-5107-1; similar code in lib/Twig/Extension/Core.php (Beuc)
--
twisted (Stefano Rivera)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59ad904ab7e13db4d890c3079f9e9439474e640