[Git][security-tracker-team/security-tracker][master] Reserve DLA-3026-1 for filezilla

Andreas Rönnquist (@gusnan) gusnan at debian.org
Thu May 26 13:32:00 BST 2022 


Andreas Rönnquist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b39bd5f3 by Andreas Rönnquist at 2022-05-26T14:31:42+02:00
Reserve DLA-3026-1 for filezilla

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -224098,7 +224098,6 @@ CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protecti
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
 	- filezilla 3.45.1-1 (low; bug #928282)
 	[buster] - filezilla 3.39.0-2+deb10u1
-	[stretch] - filezilla <no-dsa> (Minor issue)
 	[jessie] - filezilla <no-dsa> (Minor issue)
 	NOTE: https://svn.filezilla-project.org/filezilla?revision=9097&view=revision
 	NOTE: https://www.tenable.com/security/research/tra-2019-14


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 May 2022] DLA-3026-1 filezilla - security update
+	{CVE-2019-5429}
+	[stretch] - filezilla 3.24.0-1+deb9u1
 [26 May 2022] DLA-3025-1 irssi - security update
 	{CVE-2019-13045}
 	[stretch] - irssi 1.0.7-1~deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -63,9 +63,6 @@ exempi
   NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis
   NOTE: 20220517: is needed.
 --
-filezilla (Andreas Rönnquist)
-  NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) (Beuc/front-desk)
---
 firmware-nonfree
   NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b39bd5f33cacdf25d4d335ac1fc09f1e24ce820e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b39bd5f33cacdf25d4d335ac1fc09f1e24ce820e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220526/6609ddb7/attachment.htm>

More information about the debian-security-tracker-commits mailing list