[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update note for python-django.

Tue Nov 15 16:19:51 GMT 2022


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c1e35c4 by Chris Lamb at 2022-11-15T16:19:26+00:00
dla-needed.txt: Update note for python-django.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -272,7 +272,7 @@ php-phpseclib (Sylvain Beucler)
   NOTE: 20221104: Attempted to clarify vulnerability status (cf. 02cd83d1d917dc5964440185226aa11e40058546) (Beuc)
   NOTE: 20221108: buster is missing testsuite in both phpseclib packages, contacted maintainer to decide whether to backport testsuite or just bump version (Beuc)
 --
-php7.3 (Emilio)
+php7.3
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: CVE-2022-37454 is what is of most concern.
 --
@@ -299,10 +299,11 @@ python-django (Chris Lamb)
   NOTE: 20221018: This leaves 8 CVEs that need fixing, either simply because the code is vulnerable or the issue has already been fixed in stretch: CVE-2022-34265, CVE-2022-28346, CVE-2022-23833, CVE-2022-22818, CVE-2021-33571, CVE-2021-33203, CVE-2021-31542 & CVE-2021-28658 (lamby)
   NOTE: 20221027: To clarify, only the first CVE mentioned in the previous comment (CVE-2022-34265) is vulnerable and not fixed in stretch, and the other seven have already been fixed in stretch. I plan to fix these remaining 1 CVE and release (with 5 total CVEs) instead of trying to co-ordinate a release with 12 (!) new patches. I can address them later. (lamby)
   NOTE: 20221031: Programming language: Python.
-  NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/python-django.git
+  NOTE: 20221031: VCS: https://salsa.debian.org/python-team/modules/python-django.git
   NOTE: 20221031: Special attention: Chris Lamb is the maintainer.
   NOTE: 20221103: Re-added pre-20221031 comments from Git and reclaimed; will upload at least CVE-2022-28346 soon. (lamby)
   NOTE: 20221104: Uploaded with three more CVEs: CVE-2022-28346  CVE-2021-45115 CVE-2021-45116 (lamby)
+  NOTE: 20221115: Will upload shortly with CVE-2021-44420, CVE-2021-45452, CVE-2022-22818 & CVE-2022-23833 (lamby)
 --
 qemu
   NOTE: 20221108: Programming language: C.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c1e35c4b58a05ab1ce0e0f7e2ffd60159ca6dc6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c1e35c4b58a05ab1ce0e0f7e2ffd60159ca6dc6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221115/00e59f3a/attachment-0001.htm>
