[Git][security-tracker-team/security-tracker][master] Reserve DSA number for gdk-pixbuf update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 11 15:02:50 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e779390 by Salvatore Bonaccorso at 2022-09-11T16:02:17+02:00
Reserve DSA number for gdk-pixbuf update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -57181,7 +57181,6 @@ CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter whi
- python-django-cms <itp> (bug #516183)
CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
- gdk-pixbuf 2.42.9+dfsg-1 (bug #1014600)
- [bullseye] - gdk-pixbuf <no-dsa> (Minor issue)
[buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
[stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
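Review bot: the removed `[bullseye] - gdk-pixbuf <no-dsa> (Minor issue)` line recorded a triage decision for CVE-2021-44648, and neither the commit message nor a NOTE line in this entry says why that decision is now reversed. If the fix is simply riding along with CVE-2021-46829 in the same bullseye upload, a short line to that effect in the commit body would save the next reader from digging through bug #1014600 to find out.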
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Sep 2022] DSA-5228-1 gdk-pixbuf - security update
+ {CVE-2021-44648 CVE-2021-46829}
+ [bullseye] - gdk-pixbuf 2.42.2+dfsg-1+deb11u1
[07 Sep 2022] DSA-5227-1 libgoogle-gson-java - security update
{CVE-2022-25647}
[bullseye] - libgoogle-gson-java 2.8.6-1+deb11u1
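Review bot: the `{CVE-2021-44648 CVE-2021-46829}` line names two CVEs, but the only data/CVE/list hunk shown for this commit touches the CVE-2021-44648 entry. Worth confirming that the CVE-2021-46829 entry has no leftover bullseye `<no-dsa>` or `<postponed>` annotation that would contradict the `2.42.2+dfsg-1+deb11u1` fixed version recorded here; if it has one, drop it in this same commit.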
=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ connman (carnil)
--
freecad (aron)
--
-gdk-pixbuf (carnil)
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y versions
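Review bot: the linux note in the trailing context reads "regulary", which should be "regularly". It sits outside this change, so a separate one-line cleanup is fine; the removal itself correctly takes the `--` separator along with the `gdk-pixbuf (carnil)` entry.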
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e779390aba58cbb5e9a6afa59903cc1104a16ea