[Git][security-tracker-team/security-tracker][master] dla: add systemd

Tue May 24 16:12:07 BST 2022


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0bc5d771 by Sylvain Beucler at 2022-05-24T17:11:44+02:00
dla: add systemd

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -178463,8 +178463,10 @@ CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before v
 	NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
 	NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
 	NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
+	NOTE: Introduced by https://github.com/systemd/systemd/commit/70244d1d25eb80b57e160ea004d0e6bf793d4caf (v220)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
+	NOTE: https://www.openwall.com/lists/oss-security/2020/02/05/1
 CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
 	{DLA-2373-1 DLA-2144-1}
 	- qemu 1:4.2-2 (bug #949731)


=====================================
data/dla-needed.txt
=====================================
@@ -259,6 +259,11 @@ subversion (Roberto C. Sánchez)
   NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)
   NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico)
 --
+systemd
+  NOTE: 20220524: CVE-2020-1712 marked for update but didn't make it to 9.13
+  NOTE: 20220524: nor DLA-2715-1; the issue looks somewhat invasive to fix but at the
+  NOTE: 20220524: same time is severe and was fixed in other old distros (Beuc/front-desk)
+--
 tiff (Utkarsh)
   NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff.
   NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc5d771410a5c73fef315d7ef0bd9afc9ee243a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc5d771410a5c73fef315d7ef0bd9afc9ee243a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220524/6c468cac/attachment.htm>
