[Git][security-tracker-team/security-tracker][master] Reserve DLA-3033-1 for smarty3

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ccb5f21 by Markus Koschany at 2022-05-29T15:52:14+02:00
Reserve DLA-3033-1 for smarty3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 May 2022] DLA-3033-1 smarty3 - security update
+	{CVE-2022-29221}
+	[stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6
 [29 May 2022] DLA-3032-1 pngcheck - security update
 	{CVE-2020-27818}
 	[stretch] - pngcheck 2.3.0-7+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -249,10 +249,6 @@ sleuthkit
 slurm-llnl
   NOTE: 20220516: Checking the code it looks like the patches will apply so the code is clearly vulnerable.
 --
-smarty3
-  NOTE: 20220527: upcoming DSA by apo, but last DLA is recent (this month);
-  NOTE: 20220527: sync or postpone depending on severity (Beuc/front-desk)
---
 snapd
   NOTE: 20220308: seems vulnerable at least to setup_private_mount,
   NOTE: 20220308: but double check (pochu)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccb5f21d4881f6ac65218fce7a747deb20a6414

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccb5f21d4881f6ac65218fce7a747deb20a6414
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220529/2fd34dff/attachment-0001.htm>