[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 25 18:57:27 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
344ee89a by Moritz Muehlenhoff at 2022-11-25T19:57:06+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -82222,6 +82222,7 @@ CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can b
 	- cfrpki 1.4.0-1
 	- fort-validator 1.5.3-1
 	- rpki-client 7.5-1
+	[bullseye] - rpki-client <ignored> (Fixed versions need more recent libretls)
 	NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
 	NOTE: https://github.com/NLnetLabs/routinator/pull/666
 	NOTE: https://github.com/NLnetLabs/routinator/pull/612
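Review bot: the reason on the added `[bullseye] - rpki-client <ignored>` line does not say which upstream version first needs libretls. This entry lists the fix as rpki-client 7.5-1, while the dsa-needed.txt entry removed in this same commit attributes the libretls requirement to the 7.6 release. Naming the version in the reason would let a reader tell whether 7.5 was also out of reach for bullseye or whether only 7.6 was evaluated.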
@@ -82232,6 +82233,7 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain
 	- cfrpki <unfixed>
 	[bullseye] - cfrpki <postponed> (Minor issue, revisit when fixed upstream)
 	- rpki-client 7.5-1
+	[bullseye] - rpki-client <ignored> (Fixed versions need more recent libretls)
 	NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
 	NOTE: https://github.com/NLnetLabs/routinator/pull/665
 CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the Ignition ...)
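Review bot: under CVE-2021-43172 the added rpki-client line is tagged <ignored> with only a backport-feasibility reason, whereas the cfrpki line directly above it is tagged <postponed> with a severity assessment ("Minor issue, revisit when fixed upstream"). Consider stating the severity for rpki-client in the reason as well, since <ignored> reads as a final decision for the release and the NOTE lines here point only at Routinator material.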
@@ -82588,6 +82590,7 @@ CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for
 	- cfrpki 1.4.0-1
 	- fort-validator 1.5.3-1
 	- rpki-client 7.5-1
+	[bullseye] - rpki-client <ignored> (Fixed versions need more recent libretls)
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
 CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...)
 	{DSA-5041-1}


=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ netatalk
 --
 nodejs
 --
+mujs (jmm)
+--
 multipath-tools
 --
 openexr
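Review bot: the added `mujs (jmm)` entry records the claimant but not which issue prompted it. A short indented note under the package name, in the style of the rpki-client entry removed further down in this file, would let other team members see what the pending update is meant to cover.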
@@ -47,9 +49,6 @@ pngcheck (jmm)
 --
 rails
 --
-rpki-client
-  new 7.6 release required libretls, which isn't in Bullseye
---
 ruby-image-processing
 --
 ruby-nokogiri
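Review bot: the removed note says libretls "isn't in Bullseye", while the reason added in data/CVE/list says the fixed versions need a "more recent libretls", which implies an older libretls is available there. With this entry gone, the CVE list reason is the only remaining record of the decision in the two changed files, so the wording should agree; if the library is absent from bullseye, say so in the <ignored> reason.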



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/344ee89ac27454282223c7163eeaf21496bf9dab
