[Git][security-tracker-team/security-tracker][master] Reserve DLA-3203-1 for nginx
Markus Koschany (@apo)
apo at debian.org
Tue Nov 22 23:30:42 GMT 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cce5b8db by Markus Koschany at 2022-11-23T00:30:31+01:00
Reserve DLA-3203-1 for nginx
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -102703,7 +102703,6 @@ CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field wh
CVE-2021-3618 (ALPACA is an application layer protocol content confusion attack, expl ...)
- nginx 1.20.2-2 (bug #991328)
[bullseye] - nginx 1.18.0-6.1+deb11u2
- [buster] - nginx <no-dsa> (Minor issue)
[stretch] - nginx <no-dsa> (Minor issue)
- vsftpd <unfixed> (bug #991329)
[bullseye] - vsftpd <no-dsa> (Minor issue)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Nov 2022] DLA-3203-1 nginx - security update
+ {CVE-2021-3618 CVE-2022-41741 CVE-2022-41742}
+ [buster] - nginx 1.14.2-2+deb10u5
[22 Nov 2022] DLA-3202-1 libarchive - security update
{CVE-2019-19221 CVE-2021-23177 CVE-2021-31566}
[buster] - libarchive 3.3.3-4+deb10u2
=====================================
data/dla-needed.txt
=====================================
@@ -170,10 +170,6 @@ netatalk
NOTE: 20220816: Programming language: C.
NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor)
--
-nginx (Markus Koschany)
- NOTE: 20221111: Programming language: C.
- NOTE: 20221111: Upcoming DSA + follow fixes from bullseye 11.4 (Beuc/front-desk)
---
node-cached-path-relative
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce5b8db805ffdb3d64fb059333bcdf52d6b2240
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce5b8db805ffdb3d64fb059333bcdf52d6b2240
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221122/707dbd4d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list