[Git][security-tracker-team/security-tracker][master] Reserve DLA-3205-1 for inetutils
Guilhem Moulin (@guilhem)
guilhem at debian.org
Fri Nov 25 12:32:08 GMT 2022
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c90cfd7 by Guilhem Moulin at 2022-11-25T13:31:49+01:00
Reserve DLA-3205-1 for inetutils
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21232,7 +21232,6 @@ CVE-2022-3019 (The forgot password token basically just makes us capable of taki
CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
- inetutils 2:2.3-5
[bullseye] - inetutils 2:2.0-1+deb11u1
- [buster] - inetutils <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
NOTE: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
CVE-2022-38795
@@ -90559,7 +90558,6 @@ CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the re
CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...)
- inetutils 2:2.2-1 (bug #993476)
[bullseye] - inetutils 2:2.0-1+deb11u1
- [buster] - inetutils <no-dsa> (Minor issue)
[stretch] - inetutils <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
@@ -285063,7 +285061,6 @@ CVE-2019-0053 (Insufficient validation of environment variables in the telnet cl
[buster] - socks4-server <ignored> (Minor issue)
[stretch] - socks4-server <ignored> (Minor issue)
- inetutils 2:1.9.4-11 (low; bug #945861)
- [buster] - inetutils <ignored> (Minor issue)
[stretch] - inetutils <ignored> (Minor issue)
[jessie] - inetutils <no-dsa> (Minor issue)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[25 Nov 2022] DLA-3205-1 inetutils - security update
+ {CVE-2019-0053 CVE-2020-8284 CVE-2021-40491 CVE-2022-39028}
+ [buster] - inetutils 2:1.9.4-7+deb10u2
[24 Nov 2022] DLA-3204-1 vim - security update
{CVE-2022-0318 CVE-2022-0392 CVE-2022-0629 CVE-2022-0696 CVE-2022-1619 CVE-2022-1621 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-3235 CVE-2022-3256 CVE-2022-3352}
[buster] - vim 2:8.1.0875-5+deb10u4
=====================================
data/dla-needed.txt
=====================================
@@ -92,10 +92,6 @@ imagemagick
NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
NOTE: 20220904: Should be synced with Stretch. (apo)
--
-inetutils (guilhem)
- NOTE: 20221112: Programming language: C.
- NOTE: 20221112: Follow fixes from bullseye 11.5 (Beuc/front-desk)
---
ini4j
NOTE: 20221012: Programming language: Java.
NOTE: 20221012: Require investigation (lamby)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c90cfd74733d33b0d1593a13f1775a0a8598456
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c90cfd74733d33b0d1593a13f1775a0a8598456
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221125/632c4c9e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list