[Git][security-tracker-team/security-tracker][master] Reserve DLA-3399-1 for 389-ds-base

[Anton Gladky (@gladk)]

Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b660147b by Anton Gladky at 2023-04-24T06:28:47+02:00
Reserve DLA-3399-1 for 389-ds-base

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -135609,7 +135609,6 @@ CVE-2021-36768
 CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...)
 	- 389-ds-base 1.4.4.17-1 (bug #991405)
 	[bullseye] - 389-ds-base <no-dsa> (Minor issue)
-	[buster] - 389-ds-base <no-dsa> (Minor issue)
 	[stretch] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://github.com/389ds/389-ds-base/issues/4817
 	NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
@@ -148060,7 +148059,6 @@ CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before
 	NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
 CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
 	- 389-ds-base 1.4.4.11-2 (bug #988727)
-	[buster] - 389-ds-base <no-dsa> (Minor issue)
 	[stretch] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://github.com/389ds/389-ds-base/issues/4711
 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
@@ -273758,7 +273756,6 @@ CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, ve
 CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...)
 	{DLA-2004-1}
 	- 389-ds-base 1.4.2.4-1 (bug #944150)
-	[buster] - 389-ds-base <no-dsa> (Minor issue)
 	[stretch] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448
 	NOTE: https://pagure.io/freeipa/issue/8050
@@ -288164,7 +288161,6 @@ CVE-2019-10225 (A flaw was found in atomic-openshift of openshift-4.2 where the
 	NOT-FOR-US: OpenShift
 CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3.  ...)
 	- 389-ds-base 1.4.1.5-1
-	[buster] - 389-ds-base <no-dsa> (Minor issue)
 	[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
 	[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
 	- python-lib389 <removed>
@@ -305557,7 +305553,6 @@ CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of ato
 CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers  ...)
 	{DLA-1779-1}
 	- 389-ds-base 1.4.1.5-1 (bug #927939)
-	[buster] - 389-ds-base <no-dsa> (Minor issue)
 	[stretch] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
 	NOTE: https://pagure.io/389-ds-base/issue/50329


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Apr 2023] DLA-3399-1 389-ds-base - security update
+	{CVE-2019-3883 CVE-2019-10224 CVE-2019-14824 CVE-2021-3514 CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996 CVE-2022-2850}
+	[buster] - 389-ds-base 1.4.0.21-1+deb10u1
 [21 Apr 2023] DLA-3398-1 curl - security update
 	{CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538}
 	[buster] - curl 7.64.0-4+deb10u6


=====================================
data/dla-needed.txt
=====================================
@@ -12,13 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
---
-389-ds-base (gladk)
-  NOTE: 20221231: Programming language: C.
-  NOTE: 20221231: Few users. Low prio. (opal).
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git
-  NOTE: 20230327: test new CI
-  NOTE: 20230410: WIP
 --
 apache2 (rouca)
   NOTE: 20230312: Programming language: C.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b660147bd0488607a08ede7cbfb06fd807991db3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b660147bd0488607a08ede7cbfb06fd807991db3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230424/91cc73fd/attachment-0001.htm>