[Git][security-tracker-team/security-tracker][master] Reserve DLA-3388-1 for keepalived
Markus Koschany (@apo)
apo at debian.org
Mon Apr 10 18:58:24 BST 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2f46d09 by Markus Koschany at 2023-04-10T19:58:11+02:00
Reserve DLA-3388-1 for keepalived
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -100600,7 +100600,7 @@ CVE-2022-23133 (An authenticated user can create a hosts group from the configur
CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
- zabbix 1:6.0.7+dfsg-2
[bullseye] - zabbix <no-dsa> (Minor issue)
- [buster] - zabbix <not-affected> (Not using RPM or DAC_OVERRIDE in Debian installs)
+ [buster] - zabbix <not-affected> (Not using RPM or DAC_OVERRIDE in Debian installs)
[stretch] - zabbix <not-affected> (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present)
NOTE: https://support.zabbix.com/browse/ZBX-20341
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/019fbd9b5cc9c455304f1a48460435ca474ba2ac (5.0.18)
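Review bot: The `[buster] - zabbix <not-affected>` line under CVE-2022-23132 is removed and re-added with no visible difference in the text, so this looks like a whitespace-only fix unrelated to the keepalived reservation named in the commit subject. Consider putting it in its own commit, or mentioning it in the commit message, so the history of the zabbix entry does not point at a keepalived DLA.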
@@ -110325,7 +110325,6 @@ CVE-2021-4022 (A vulnerability was found in rizin. The bug involves an ELF64 bin
CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...)
- keepalived 1:2.2.4-0.2
[bullseye] - keepalived 1:2.1.5-0.2+deb11u1
- [buster] - keepalived <no-dsa> (Minor issue)
[stretch] - keepalived <no-dsa> (Minor issue)
NOTE: https://github.com/acassen/keepalived/pull/2063
NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
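Review bot: Dropping `[buster] - keepalived <no-dsa> (Minor issue)` under CVE-2021-44225 leaves this entry with no buster annotation in data/CVE/list, while stretch keeps its `<no-dsa>` line. The buster fixed version now appears only in the data/DLA/list hunk (`1:2.0.10-1+deb10u1`), so it is worth confirming that the tracker reports buster as fixed from that entry rather than comparing against the unstable version `1:2.2.4-0.2`.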
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Apr 2023] DLA-3388-1 keepalived - security update
+ {CVE-2021-44225}
+ [buster] - keepalived 1:2.0.10-1+deb10u1
[10 Apr 2023] DLA-3387-2 udisks2 - regression update
[buster] - udisks2 2.8.1-4+deb10u2
[07 Apr 2023] DLA-3387-1 udisks2 - security update
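Review bot: The new DLA-3388-1 entry already records `[buster] - keepalived 1:2.0.10-1+deb10u1` although the commit subject describes this as a reservation. Check that this string matches the version actually uploaded, since the buster status of CVE-2021-44225 now depends on it.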
=====================================
data/dla-needed.txt
=====================================
@@ -116,10 +116,6 @@ jruby
NOTE: 20230403: Special attention: Not in bullseye
NOTE: 20230403: Lots of postponed issues that were fixed in other ruby* packages (Beuc/front-desk)
--
-keepalived (Markus Koschany)
- NOTE: 20230404: Programming language: C.
- NOTE: 20230404: Sync with Debian 11.2 (CVE-2021-44225) (Beuc/front-desk)
---
libapache2-mod-auth-openidc (Adrian Bunk)
NOTE: 20230404: Programming language: C.
NOTE: 20230404: CVE-2019-20479 fixed in all other dists (including DLA-2298-1 for stretch)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2f46d09308bca3f99c6c02c9bddc2cb0a37a022