[Git][security-tracker-team/security-tracker][master] 2 commits: Add notes to packages

Mon May 16 14:39:12 BST 2022


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae990724 by Utkarsh Gupta at 2022-05-16T19:05:04+05:30
Add notes to packages

- - - - -
84d7c288 by Utkarsh Gupta at 2022-05-16T19:08:59+05:30
Reserve DLA-3009-1 for cifs-utils

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 May 2022] DLA-3009-1 cifs-utils - security update
+	{CVE-2022-27239 CVE-2022-29869}
+	[stretch] - cifs-utils 2:6.7-1+deb9u1
 [14 May 2022] DLA-3008-1 openssl - security update
 	{CVE-2022-1292}
 	[stretch] - openssl 1.1.0l-1~deb9u6


=====================================
data/dla-needed.txt
=====================================
@@ -33,9 +33,6 @@ asterisk (Abhijith PA)
 cgal
   NOTE: 20220421: many no-dsa issues, please check, whether it is possible to fix them without uploading a new upstream release (Anton)
 --
-cifs-utils (Utkarsh)
-  NOTE: 20220510: Programming language C. (apo)
---
 ckeditor (Sylvain Beucler)
   NOTE: 20220402: multiple pendings vulnerabilities (Beuc)
 --
@@ -50,6 +47,7 @@ debian-security-support (Utkarsh)
   NOTE: 20220402: check debian/README.source, sync with h01ger, and announce EOL'd packages (Beuc)
   NOTE: 20220402: context: https://lists.debian.org/debian-lts/2022/04/msg00000.html (Beuc)
   NOTE: 20220502: backport prepped, will contact Holger for more details. (utkarsh)
+  NOTE: 20220516: in review, will also co-help Holger to maintain this. (utkarsh)
 --
 ffmpeg (enrico)
   NOTE: 20220503: update to 3.2.17 (pochu)
@@ -116,6 +114,8 @@ mbedtls (Utkarsh)
   NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh)
   NOTE: 20220502: will upload with 1 fix and mark the other one
   NOTE: 20220502: as no-dsa today/tomorrow. (utkarsh)
+  NOTE: 20220516: helf off upload to see if the other one should
+  NOTE: 20220516: be squeezed in. waiting on -pu. (utkarsh)
 --
 mysql-connector-java
   NOTE: 20220512: Requires a new upstream version. (apo)
@@ -197,6 +197,8 @@ tiff (Utkarsh)
   NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh)
   NOTE: 20220419: new CVE reported; waiting to see if there are more. (utkarsh)
   NOTE: 20220502: will collate the new CVEs and update the package. (utkarsh)
+  NOTE: 20220513: more CVEs, ugh. Probably will consider rolling out the ones
+  NOTE: 20220513: that are already applied and tested and re-add tiff here. (utkarsh)
 --
 unzip
   NOTE: 20220319: no patches yet but reproducible (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3a867277f3557cfa37085cdc31834af9208131f7...84d7c288239f4df80414e8bbd53b434335f7c210

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3a867277f3557cfa37085cdc31834af9208131f7...84d7c288239f4df80414e8bbd53b434335f7c210
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220516/6366a8ab/attachment-0001.htm>
