[Git][security-tracker-team/security-tracker][master] 5 commits: Claim xfce4-settings in dla-needed.txt
Markus Koschany (@apo)
apo at debian.org
Thu Nov 24 15:30:37 GMT 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
addbf000 by Markus Koschany at 2022-11-24T15:39:34+01:00
Claim xfce4-settings in dla-needed.txt
- - - - -
b9d72035 by Markus Koschany at 2022-11-24T16:27:34+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
- - - - -
0baa7172 by Markus Koschany at 2022-11-24T16:27:58+01:00
Remove xfce4-settings from dla-needed.txt
The vulnerable code was introduced later.
- - - - -
0f514658 by Markus Koschany at 2022-11-24T16:29:07+01:00
CVE-2022-45062,xfce4-settings: buster is not affected
The vulnerable code was introduced later
- - - - -
bee1ef77 by Markus Koschany at 2022-11-24T16:30:12+01:00
Claim varnish in dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2464,6 +2464,7 @@ CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., becau
NOTE: 238-1, mitigating the issue.
CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there i ...)
- xfce4-settings 4.16.4-1 (bug #1023732)
+ [buster] - xfce4-settings <not-affected> (The vulnerable code was introduced later)
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 (not public)
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 (xfce4-settings-4.17.1)
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 (xfce4-settings-4.16.4)
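Review bot: The added `[buster]` line justifies `<not-affected>` only with "The vulnerable code was introduced later" and does not name the commit or upstream version that introduced the code. The NOTE lines below it already record the two fix commits. A further NOTE giving the introducing commit, or the first affected version, would let someone re-check the buster triage without repeating the source comparison.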
=====================================
data/dla-needed.txt
=====================================
@@ -335,7 +335,7 @@ trafficserver
twisted (Dominik George)
NOTE: 20221030: Programming language: Python.
--
-varnish
+varnish (Markus Koschany)
NOTE: 20221109: Programming language: C.
NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk)
--
@@ -346,9 +346,6 @@ xdg-utils
NOTE: 20221120: Programming language: C.
NOTE: 20221120: no real fix yet
--
-xfce4-settings
- NOTE: 20221120: Programming language: C.
---
zabbix
NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
--
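Review bot: The removal of the `xfce4-settings` entry in this hunk depends on the `[buster] - xfce4-settings <not-affected>` line added to data/CVE/list, but the two changes are separate commits (0baa7172 and 0f514658). Putting both in one commit would keep the removal and its justification together in the history, so that no revision drops the entry while the CVE entry still lacks the buster annotation.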
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0ef78ab72c85a8a6246ecf33e57e826ed4ccc8d...bee1ef770e87b60a0d46384076de7dec88bf8207