[Git][security-tracker-team/security-tracker][master] Reserve DLA-3389-1 for lldpd

Wed Apr 12 09:16:13 BST 2023


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3d0edc1 by Chris Lamb at 2023-04-12T09:14:31+01:00
Reserve DLA-3389-1 for lldpd

My previous reservation of DLA-3388-1 didn't successfully push to salsa, so I
now need to clean up my collisions with DLA-3388-1 (keepalived). :/

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -113525,7 +113525,6 @@ CVE-2021-43612 [crash in SONMP decoder]
 	RESERVED
 	- lldpd 1.0.13-1
 	[bullseye] - lldpd 1.0.11-1+deb11u1
-	[buster] - lldpd <no-dsa> (Minor issue)
 	[stretch] - lldpd <no-dsa> (Minor issue)
 	NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13)
 CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
@@ -187827,7 +187826,6 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.
 CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch. Specially crafte ...)
 	{DSA-4836-1 DLA-2571-1}
 	- lldpd 1.0.8-1
-	[buster] - lldpd <no-dsa> (Minor issue)
 	[stretch] - lldpd <no-dsa> (Minor issue)
 	- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-4 (bug #980132)
 	NOTE: https://github.com/openvswitch/ovs/pull/337


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Apr 2023] DLA-3389-1 lldpd - security update
+	{CVE-2020-27827 CVE-2021-43612}
+	[buster] - lldpd 1.0.3-1+deb10u1
 [10 Apr 2023] DLA-3388-1 keepalived - security update
 	{CVE-2021-44225}
 	[buster] - keepalived 1:2.0.10-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -127,10 +127,6 @@ libapache2-mod-auth-openidc (Adrian Bunk)
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
 --
-lldpd (Chris Lamb)
-  NOTE: 20230408: Programming language: C.
-  NOTE: 20230408: Sync with Debian 11.2 / bullseye (2 CVEs) (Beuc/front-desk)
---
 man2html
   NOTE: 20221004: Programming language: C.
   NOTE: 20221004: It looks like not patch is available.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3d0edc1a9f6cff3c2129fa84b5c33372b5d2557

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3d0edc1a9f6cff3c2129fa84b5c33372b5d2557
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230412/a47c3706/attachment.htm>
