[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-40085/neutron: stretch unfixed, DLA-2781-1 has no new patch and changelog-only debdiff

Tue May 24 09:48:22 BST 2022


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66d8a2c0 by Sylvain Beucler at 2022-05-24T10:48:02+02:00
CVE-2021-40085/neutron: stretch unfixed, DLA-2781-1 has no new patch and changelog-only debdiff

- - - - -
8d62d804 by Sylvain Beucler at 2022-05-24T10:48:02+02:00
dla: add neutron

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -48847,7 +48847,7 @@ CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When aud
 CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
 	NOT-FOR-US: PrimeKey
 CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
-	{DSA-4983-1 DLA-2781-1}
+	{DSA-4983-1}
 	- neutron 2:18.1.0-3 (bug #993398)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
 	NOTE: https://launchpad.net/bugs/1939733


=====================================
data/DLA/list
=====================================
@@ -733,7 +733,6 @@
 	{CVE-2021-38496 CVE-2021-38500}
 	[stretch] - firefox-esr 78.15.0esr-1~deb9u1
 [11 Oct 2021] DLA-2781-1 neutron - security update
-	{CVE-2021-40085}
 	[stretch] - neutron 2:9.1.1-3+deb9u2
 [11 Oct 2021] DLA-2780-1 ruby2.3 - security update
 	{CVE-2021-31799 CVE-2021-31810 CVE-2021-32066}


=====================================
data/dla-needed.txt
=====================================
@@ -159,6 +159,11 @@ mysql-connector-java (Markus Koschany)
 ncurses
   NOTE: 20220524: Harmonize with Debian 10.2 (2-3 CVEs + some non-CVE'd issues) (Beuc/front-desk)
 --
+neutron
+  NOTE: 20220524: Harmonize with DSA-4983-1 (1 CVE), also DLA-2781-1 has changelog-only debdiff
+  NOTE: 20220524: and needs to be redone AFAICT (1 CVE) (Beuc/front-desk)
+  NOTE: 20220524: Part of OpenStack (Beuc/front-desk)
+--
 ntfs-3g
   NOTE: 20220515: Please recheck. There are currently not enough information
   NOTE: available. (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/15661130dd769234c2f5e899b863c64d612777e6...8d62d804da47e77351072c5f4df03ca2fdf49874

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/15661130dd769234c2f5e899b863c64d612777e6...8d62d804da47e77351072c5f4df03ca2fdf49874
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220524/d10b59e8/attachment-0001.htm>
