[Git][security-tracker-team/security-tracker][master] Reserve DLA-3176-1 for clickhouse

[Tobias Frost (@tobi)]

Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07a1fd77 by Tobias Frost at 2022-11-03T23:27:56+01:00
Reserve DLA-3176-1 for clickhouse

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Nov 2022] DLA-3176-1 clickhouse - security update
+	{CVE-2021-42387 CVE-2021-42388 CVE-2021-43304 CVE-2021-43305}
+	[buster] - clickhouse 18.16.1+ds-4+deb10u1
 [01 Nov 2022] DLA-3175-1 python3.7 - security update
 	{CVE-2022-37454}
 	[buster] - python3.7 3.7.3-2+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -31,11 +31,6 @@ ceph
   NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.
   NOTE: 20221031: What should be checked is whether any user with ceph permission can do the actions described in the exploit.
 --
-clickhouse (Tobias Frost)
-  NOTE: 20221003: Programming language: C++.
-  NOTE: 20221003: One pull request closes several CVEs.
-  NOTE: 20221003: Please evaluate, whether it can be applied.
---
 consul
   NOTE: 20221031: Programming language: Go.
   NOTE: 20221031: Concluded that the package should be fixed by the CVE description. Source code not analyzed in detail.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07a1fd7715f08a76f8727441501fd2821e182d29

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07a1fd7715f08a76f8727441501fd2821e182d29
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221103/3a5dbf72/attachment-0001.htm>