[Git][security-tracker-team/security-tracker][master] Reserve DLA-3382-1 for openimageio

Markus Koschany (@apo) apo at debian.org
Tue Apr 4 23:52:50 BST 2023 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdf76f76 by Markus Koschany at 2023-04-05T00:52:38+02:00
Reserve DLA-3382-1 for openimageio

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13953,7 +13953,7 @@ CVE-2023-24538 [html/template: backticks not treated as string delimiters]
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
-	NOTE:  https://go.dev/issue/59234
+	NOTE: https://go.dev/issue/59234
 	NOTE: https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)
 	NOTE: https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)
 CVE-2023-24537 [go/parser: infinite loop in parsing]


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Apr 2023] DLA-3382-1 openimageio - security update
+	{CVE-2022-36354 CVE-2022-41639 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981 CVE-2022-41988 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603}
+	[buster] - openimageio 2.0.5~dfsg0-1+deb10u1
 [04 Apr 2023] DLA-3381-1 ghostscript - security update
 	{CVE-2023-28879}
 	[buster] - ghostscript 9.27~dfsg-2+deb10u7


=====================================
data/dla-needed.txt
=====================================
@@ -189,11 +189,6 @@ nvidia-graphics-drivers-legacy-390xx
   NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg00005.html
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/nvidia-graphics-drivers-legacy-390xx.git
 --
-openimageio
-  NOTE: 20221225: Programming language: C.
-  NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
-  NOTE: 20220313: will be released today (apo)
---
 php-cas
   NOTE: 20221105: Programming language: PHP.
   NOTE: 20221105: The fix is not backwards compatible. Should be investigated further whether this issue should be solved or ignored.. (ola)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdf76f767d31e156a778750cef536670cfb80a9e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdf76f767d31e156a778750cef536670cfb80a9e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230404/f837a6d0/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list