[Git][security-tracker-team/security-tracker][master] dla: add systemd
Sylvain Beucler (@beuc)
beuc at debian.org
Tue May 24 16:12:07 BST 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0bc5d771 by Sylvain Beucler at 2022-05-24T17:11:44+02:00
dla: add systemd
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -178463,8 +178463,10 @@ CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before v
NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
+ NOTE: Introduced by https://github.com/systemd/systemd/commit/70244d1d25eb80b57e160ea004d0e6bf793d4caf (v220)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
+ NOTE: https://www.openwall.com/lists/oss-security/2020/02/05/1
CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
{DLA-2373-1 DLA-2144-1}
- qemu 1:4.2-2 (bug #949731)
=====================================
data/dla-needed.txt
=====================================
@@ -259,6 +259,11 @@ subversion (Roberto C. Sánchez)
NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)
NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico)
--
+systemd
+ NOTE: 20220524: CVE-2020-1712 marked for update but didn't make it to 9.13
+ NOTE: 20220524: nor DLA-2715-1; the issue looks somewhat invasive to fix but at the
+ NOTE: 20220524: same time is severe and was fixed in other old distros (Beuc/front-desk)
+--
tiff (Utkarsh)
NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff.
NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc5d771410a5c73fef315d7ef0bd9afc9ee243a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc5d771410a5c73fef315d7ef0bd9afc9ee243a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220524/6c468cac/attachment.htm>
More information about the debian-security-tracker-commits
mailing list