[Git][security-tracker-team/security-tracker][master] 2 commits: Take dropbear and ruby-sinatra

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Fri Oct 28 02:41:10 BST 2022 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8556a2e4 by Utkarsh Gupta at 2022-10-28T07:09:49+05:30
Take dropbear and ruby-sinatra

- - - - -
c25e0c74 by Utkarsh Gupta at 2022-10-28T07:10:52+05:30
Reserve DLA-3165-1 for expat

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Oct 2022] DLA-3165-1 expat - security update
+	{CVE-2022-43680}
+	[buster] - expat 2.2.6-2+deb10u6
 [27 Oct 2022] DLA-3164-1 python-django - security update
 	{CVE-2020-24583 CVE-2020-24584 CVE-2021-3281 CVE-2021-23336 CVE-2022-34265}
 	[buster] - python-django 1:1.11.29-1+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -33,16 +33,13 @@ curl (Emilio)
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/curl.git
   NOTE: 20220904: Special attention: high popcon!.
 --
-dropbear
+dropbear (Utkarsh)
   NOTE: 20221027: Programming language: C.
 --
 exiv2
   NOTE: 20220819: Programming language: C++.
   NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb)
 --
-expat (Utkarsh)
-  NOTE: 20221027: Programming language: C.
---
 firmware-nonfree
   NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
 --
@@ -175,7 +172,7 @@ rainloop
   NOTE: 20220913: also there's an unofficial one for CVE-2022-29360;
   NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk)
 --
-ruby-sinatra
+ruby-sinatra (Utkarsh)
   NOTE: 20220911: Programming language: ruby
 --
 runc



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4abbbd912486474c89abb9379b60448b299762e...c25e0c74fb63a70543c1386c3f66ad4cf47c267f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4abbbd912486474c89abb9379b60448b299762e...c25e0c74fb63a70543c1386c3f66ad4cf47c267f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221028/432cfbe6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list