[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2019-8457,db5.3: Mark Stretch as no-dsa

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aed48caf by Markus Koschany at 2022-05-15T23:21:28+02:00
CVE-2019-8457,db5.3: Mark Stretch as no-dsa

Minor issue

- - - - -
1a9b6bea by Markus Koschany at 2022-05-15T23:42:31+02:00
Add rsyslog to dla-needed.txt with comments

- - - - -
61788fc3 by Markus Koschany at 2022-05-15T23:48:36+02:00
Add ntfs-3g to ela-needed.txt

- - - - -
d9e6de7f by Markus Koschany at 2022-05-15T23:49:05+02:00
Claim libxml2 in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -213239,6 +213239,7 @@ CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap
 	- db5.3 5.3.28+dfsg1-0.9 (bug #1010974)
 	[bullseye] - db5.3 <no-dsa> (Minor issue)
 	[buster] - db5.3 <no-dsa> (Minor issue)
+	[stretch] - db5.3 <no-dsa> (Minor issue)
 	- sqlite3 3.27.2-3 (bug #929775)
 	[stretch] - sqlite3 <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -102,6 +102,8 @@ libpgjava (Markus Koschany)
 libvirt (Thorsten Alteholz)
   NOTE: 20220508: testing package
 --
+libxml2 (Markus Koschany)
+--
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
@@ -118,6 +120,10 @@ mbedtls (Utkarsh)
 mysql-connector-java
   NOTE: 20220512: Requires a new upstream version. (apo)
 --
+ntfs-3g
+  NOTE: 20220515: Please recheck. There are currently not enough information
+  NOTE: available. (apo)
+--
 nvidia-cuda-toolkit
    NOTE: 20220331: package is in non-free but also in packages-to-support (Beuc)
 --
@@ -158,6 +164,10 @@ ruby-devise-two-factor
   NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some investigation. (lamby)
   NOTE: 20220502: should be marked as no-dsa; will send more details on the list. (utkarsh)
 --
+rsyslog
+  NOTE: 20220515: Please recheck. Vulnerable function processDataRcvd does not
+  NOTE: seem to be affected but I'm not completely sure. Programming language C. (apo)
+--
 salt
 --
 samba



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5fd7b1ae89f4ed735b85280ef9e5405e82393288...d9e6de7fcf08ff0609ee3fb856f1634497d72135

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5fd7b1ae89f4ed735b85280ef9e5405e82393288...d9e6de7fcf08ff0609ee3fb856f1634497d72135
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220515/6a2773cf/attachment-0001.htm>