[Git][security-tracker-team/security-tracker][master] 3 commits: Marked CVE-2021-30130 as not affected in buster for php-phpseclib and phpseclib.
Ola Lundqvist (@opal)
opal at debian.org
Tue Sep 6 22:43:59 BST 2022
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16e67227 by Ola Lundqvist at 2022-09-06T23:35:57+02:00
Marked CVE-2021-30130 as not affected in buster for php-phpseclib and phpseclib.
- - - - -
c6a9d207 by Ola Lundqvist at 2022-09-06T23:38:54+02:00
Marked CVE-2021-32740 for ruby-addressable as no-dsa in buster with motivation minor issue. This follows the decision made earlier for stretch. For bullseye it was fixed, but since the issue was considered minor for stretch there is no reason why a backport should be made in buster.
- - - - -
12737123 by Ola Lundqvist at 2022-09-06T23:43:03+02:00
Added trafficserver to dla-needed following decision for bullseye.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -90751,6 +90751,7 @@ CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storag
- nextcloud-server <itp> (bug #941708)
CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
- ruby-addressable 2.7.0-2 (bug #990791)
+ [buster] - ruby-addressable <no-dsa> (Minor issue)
[stretch] - ruby-addressable <no-dsa> (Minor issue)
NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
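Review bot: the added `[buster] - ruby-addressable <no-dsa> (Minor issue)` line copies the `[stretch]` reason verbatim and records none of the rationale from the commit message (the decision follows stretch, and the bullseye fix is deliberately not backported). The hunk also shows no `[bullseye]` entry, only the unversioned `2.7.0-2` line, so a reader of the file cannot see where the bullseye fix the message refers to is tracked. A short NOTE line stating why the issue is considered minor, or pointing at the earlier stretch triage, would let the next person re-evaluate the no-dsa decision without digging through the commit log.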
@@ -97894,8 +97895,10 @@ CVE-2021-30131
RESERVED
CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
- phpseclib 1.0.19-3
+ [buster] - phpseclib <not-affected> (Only affects 3.x branch)
[stretch] - phpseclib <not-affected> (Only affects 3.x branch)
- php-phpseclib 2.0.30-2
+ [buster] - php-phpseclib <not-affected> (Only affects 3.x branch)
[stretch] - php-phpseclib <not-affected> (Only affects 3.x branch)
- php-phpseclib3 3.0.7-1
NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
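Review bot: the reason `(Only affects 3.x branch)` on the two added `[buster]` lines is at odds with the CVE description in the context line above, which reads "phpseclib before 2.0.31 and 3.x before 3.0.7", and with the unversioned `phpseclib 1.0.19-3` and `php-phpseclib 2.0.30-2` entries, which carry fixed versions as if those branches had been affected. The only supporting evidence in the file is the bare pull-request comment URL in the NOTE. Suggest adding a NOTE that summarises what that comment establishes for the 1.x and 2.x branches, so the not-affected status for buster (and the existing stretch lines) can be verified from the tracker data itself.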
=====================================
data/dla-needed.txt
=====================================
@@ -133,6 +133,9 @@ sqlite3
thunderbird
NOTE: 20220904: Programming language: C++.
--
+trafficserver
+ NOTE: 20220905: Programming language: C
+--
unzip
NOTE: 20220904: Programming language: C.
--
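Review bot: the added `trafficserver` entry gives no NOTE explaining why it needs a DLA; the commit message's "following decision for bullseye" is not recorded in the file, and no CVE or bug reference is listed for whoever claims the package. A one-line NOTE pointing at the bullseye decision would cover that. Minor style point on the same entry: `NOTE: 20220905: Programming language: C` lacks the trailing period used by the neighbouring entries (`C++.` and `C.`).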
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/027eab42daeb5a6960d7fa6cf9cdbc55c0735276...12737123bebbbb5418693cca11ba91d2ecb59d32