[Git][security-tracker-team/security-tracker][master] 3 commits: dla: libapache2-mod-auth-openidc: one more CVE to fix

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02339e2e by Sylvain Beucler at 2023-04-04T20:34:38+02:00
dla: libapache2-mod-auth-openidc: one more CVE to fix

- - - - -
d2caf3e4 by Sylvain Beucler at 2023-04-04T20:44:09+02:00
dla: add grunt

- - - - -
71277a22 by Sylvain Beucler at 2023-04-04T20:50:53+02:00
dla: add keepalived

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -102,6 +102,10 @@ golang-yaml.v2
   NOTE: 20230125: VCS: https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't).
 --
+grunt
+  NOTE: 20230404: Programming language: JavaScript.
+  NOTE: 20220528: CVE-2022-0436 fixed in all other dists (Debian 11.4, ELA-672-1 for stretch) (Beuc/front-desk)
+--
 hdf5
   NOTE: 20230318: Programming language: C.
   NOTE: 20230318: VCS: https://salsa.debian.org/lts-team/packages/hdf5.git
@@ -114,10 +118,15 @@ jruby
   NOTE: 20230403: Special attention: Not in bullseye
   NOTE: 20230403: Lots of postponed issues that were fixed in other ruby* packages (Beuc/front-desk)
 --
+keepalived
+  NOTE: 20230404: Programming language: C.
+  NOTE: 20230404: Sync with Debian 11.2 (CVE-2021-44225) (Beuc/front-desk)
+--
 libapache2-mod-auth-openidc
   NOTE: 20230404: Programming language: C.
-  NOTE: 20230404: CVE-2021-39191 fixed in Debian 11.4
   NOTE: 20230404: CVE-2019-20479 fixed in all other dists (including DLA-2298-1 for stretch)
+  NOTE: 20230404: CVE-2021-39191 fixed in Debian 11.4
+  NOTE: 20230404: CVE-2022-23527 will be fixed in Debian 11.7 (#1026447)
   NOTE: 20230404: Also check if other postponed/open CVEs need to be fixed (Beuc/front-desk)
 --
 linux (Ben Hutchings)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf310014e38348ed795b900aba99ff5373c367b5...71277a2282169fb49a29a69e5a3316c4dc29529d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf310014e38348ed795b900aba99ff5373c367b5...71277a2282169fb49a29a69e5a3316c4dc29529d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230404/7c3d2f03/attachment-0001.htm>