[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2021-3514 for 389-ds-base as no-dsa in buster with motivation minor...

Ola Lundqvist (@opal) opal at debian.org
Tue Sep 6 22:32:11 BST 2022 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de10c4e2 by Ola Lundqvist at 2022-09-06T23:27:02+02:00
Marked CVE-2021-3514 for 389-ds-base as no-dsa in buster with motivation minor issue. This follows the decision made earlier for stretch. For bullseye it was fixed but since the issue was considered minor for strech there is no reason why a backport should be made in buster.

- - - - -
027eab42 by Ola Lundqvist at 2022-09-06T23:31:55+02:00
Added libxslt to dla-needed following decision for bullseye.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -93242,6 +93242,7 @@ CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before
 	NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
 CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
 	- 389-ds-base 1.4.4.11-2 (bug #988727)
+	[buster] - 389-ds-base <no-dsa> (Minor issue)
 	[stretch] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://github.com/389ds/389-ds-base/issues/4711
 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)


=====================================
data/dla-needed.txt
=====================================
@@ -67,6 +67,9 @@ libgoogle-gson-java (Markus Koschany)
 libraw
   NOTE: 20220904: Programming language: C++.
 --
+libxslt
+  NOTE: 20220905: Programming language: C
+--
 linux (Ben Hutchings)
 --
 mbedtls



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/178635f8f50de2fe4eeb0c5c3aefe63e34c52a84...027eab42daeb5a6960d7fa6cf9cdbc55c0735276

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/178635f8f50de2fe4eeb0c5c3aefe63e34c52a84...027eab42daeb5a6960d7fa6cf9cdbc55c0735276
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220906/9523ab67/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list