[Git][security-tracker-team/security-tracker][master] 9 commits: LTS: update curl meta-data

Anton Gladky (@gladk) gladk at debian.org
Sun Sep 4 21:03:37 BST 2022 


Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
531ebb2a by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update curl meta-data

- - - - -
cc429809 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update glib2.0 meta-data

- - - - -
9e1330cb by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update imagemagick meta-data

- - - - -
2c956dc5 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update libraw meta-data

- - - - -
3ed71294 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update openexr meta-data

- - - - -
a7841dc5 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update poppler meta-data

- - - - -
591bf63f by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update python-oslo.utils meta-data

- - - - -
9d4fb228 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update samba meta-data

- - - - -
f620de97 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update vim meta-data

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -34,20 +34,24 @@ bluez
   NOTE: 20220902: Consider synchronizing with Stretch. (apo)
 --
 connman
-  NOTE: 20220902: Programming language C.
+  NOTE: 20220902: Programming language: C.
 --
 curl
-  NOTE: 20220901: Programming language C.
+  NOTE: 20220901: Programming language: C.
+  NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/curl.git
+  NOTE: 20220904: Special attention: high popcon!.
 --
 exiv2 (Roberto C. Sánchez)
   NOTE: 20220819: Programming language: C++.
   NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb)
 --
 glib2.0
-  NOTE: 20220901: Programming language C.
+  NOTE: 20220901: Programming language: C.
+  NOTE: 20220901: Special attention: High Popcon!.
 --
 imagemagick
-  NOTE: 20220904: Programming language C.
+  NOTE: 20220904: Programming language: C.
+  NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
 kopanocore
@@ -55,7 +59,7 @@ kopanocore
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
 --
 libraw
-  NOTE: 20220904: Programming language C++.
+  NOTE: 20220904: Programming language: C++.
 --
 linux (Ben Hutchings)
 --
@@ -74,13 +78,14 @@ nodejs (Sylvain Beucler)
   NOTE: 20220801: one of the upstream fixes doesn't address the security issue (jmm)
 --
 openexr
-  NOTE: 20220904: Programming language C++.
+  NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
 poppler (Markus Koschany)
-  NOTE: 20220902: Programming language C.
+  NOTE: 20220904: Programming language: C.
 --
 python-oslo.utils
+  NOTE: 20220904: Programming language: Python.
 --
 qemu (Abhijith PA)
   NOTE: 20220802: Programming language: C.
@@ -89,16 +94,18 @@ qemu (Abhijith PA)
   NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
   NOTE: 20220822: Merged new build at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc (abhijith)
 --
-samba
-  NOTE: 20220904: Programming language C.
-  NOTE: 20220904: Many postponed or open CVE in general. (apo)
---
 salt
   NOTE: 20220814: Programming language: Python.
   NOTE: 20220814: Packages is not in the supported packages by us.
   NOTE: 20220814: Also, I am not sure, whether it is possible to fix issues
   NOTE: 20220814: without backporting a newer verion. (Anton)
 --
+samba
+  NOTE: 20220904: Programming language: C.
+  NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git
+  NOTE: 20220904: Special attention: High popcon! Used in many servers.
+  NOTE: 20220904: Many postponed or open CVE in general. (apo)
+--
 sox (Abhijith PA)
   NOTE: 20220818: Programming language: C.
   NOTE: 20220818: Requires some investigation; see #1012138 etc.
@@ -110,7 +117,8 @@ upx-ucl (Thorsten Alteholz)
   NOTE: 20220820: CVE-2020-27787 may be not-affected. (Chris Lamb)
 --
 vim
-  NOTE: 20220904: Programming language C.
+  NOTE: 20220904: Programming language: C.
+  NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/vim.git
 --
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d077ae3d8d0deb0f1109b4eb62707ce9df545d9...f620de9701dd8a03e82e7e9acdac81fba9363164

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d077ae3d8d0deb0f1109b4eb62707ce9df545d9...f620de9701dd8a03e82e7e9acdac81fba9363164
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220904/40d13283/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list