[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Anton Gladky (@gladk)
gladk at debian.org
Mon Sep 5 21:59:59 BST 2022
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f047c4c by Anton Gladky at 2022-09-05T22:54:31+02:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Anton Gladky <gladk at debian.org>
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -41,7 +41,7 @@ curl
NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/curl.git
NOTE: 20220904: Special attention: high popcon!.
--
-exiv2 (Roberto C. Sánchez)
+exiv2
NOTE: 20220819: Programming language: C++.
NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb)
--
@@ -59,14 +59,14 @@ kopanocore
NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
--
libgoogle-gson-java
- NOTE: 20220905: Programming language Java.
+ NOTE: 20220905: Programming language: Java.
--
libraw
NOTE: 20220904: Programming language: C++.
--
linux (Ben Hutchings)
--
-mbedtls (Utkarsh)
+mbedtls
NOTE: 20220821: Programming language: C.
--
mediawiki (Markus Koschany)
@@ -85,7 +85,7 @@ openexr
NOTE: 20220904: Should be synced with Stretch. (apo)
--
pcs
- NOTE: 20220905: Programming language: Python
+ NOTE: 20220905: Programming language: Python.
NOTE: 20220905: Local access needed to get exploit the vulnerability.
NOTE: 20220905: One could argue that the vulnerability is in Thin::Backends::UnixServer:connect
NOTE: 20220905: since the solution is to override that function with a new umask.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f047c4c2868cea63cd9b90b98858643ac6a4f59
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f047c4c2868cea63cd9b90b98858643ac6a4f59
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220905/2bba0aa2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list