[Git][security-tracker-team/security-tracker][master] Mark netatalk as no-dsa and remove from dsa-needed list

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 15 06:26:57 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47e10f5e by Salvatore Bonaccorso at 2023-08-15T07:25:55+02:00
Mark netatalk as no-dsa and remove from dsa-needed list

The update was proposed to go through the upcoming bullseye point
release. Mark as such and remove it from dsa-needed list instead.

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50405,6 +50405,7 @@ CVE-2022-45189
 CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow  ...)
 	{DLA-3426-1}
 	- netatalk 3.1.15~ds-1 (bug #1024021)
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/
 	NOTE: https://github.com/Netatalk/netatalk/commit/dfab56846e8f454fe0548347ae6437bd12a05925
 	NOTE: https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396 (netatalk-3-1-15)
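Review bot: The added `[bullseye]` line under CVE-2022-45188 promises a point-release fix, but this entry is fixed in unstable only as of 3.1.15~ds-1, whereas most of the other netatalk entries in this patch are fixed in 3.1.13~ds-1. Please confirm that the proposed bullseye upload backports both commits named in the NOTE lines (dfab56846e8f454fe0548347ae6437bd12a05925 and 952b510d38914ed215858883f395da33d8b7e396). If it only covers the 3.1.13 set, this entry should not carry the same "will be fixed via point release" reason.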
@@ -57346,6 +57347,7 @@ CVE-2022-43635 (This vulnerability allows network-adjacent attackers to disclose
 CVE-2022-43634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.15~ds-1 (bug #1034170)
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://github.com/Netatalk/Netatalk/pull/186
 	NOTE: https://github.com/advisories/GHSA-fwj9-7qq8-jc93
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-094/
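Review bot: The reason text "Minor issue" on the added `[bullseye]` line for CVE-2022-43634 sits directly under a description that reads "allows remote attackers to execute arbitrary code". The commit message gives a different rationale: the update is going through the upcoming bullseye point release. Consider stating only that in the parenthetical, and adding a NOTE that points to where the point-release update was proposed, so a reader of this entry can see why no DSA is planned without finding this commit.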
@@ -117010,11 +117012,13 @@ CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux k
 CVE-2022-23125 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa
 CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
 	NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:
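Review bot: The new `[bullseye]` lines for CVE-2022-23125 and CVE-2022-23124 do not say how the regression is handled, although the context line under CVE-2022-23124 records that 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression. The same commit is referenced in the CVE-2022-23123, CVE-2022-23122 and CVE-2022-0194 hunks further down. It would help to note once, next to the regression NOTE, whether the point-release upload includes a follow-up fix for it, since that decides whether the bullseye fix is safe to install.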
@@ -117025,6 +117029,7 @@ CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
@@ -117036,6 +117041,7 @@ CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
 	NOTE: Causes a regression:
@@ -117046,6 +117052,7 @@ CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2022-23121 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c
 	NOTE: https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1
@@ -117092,6 +117099,7 @@ CVE-2022-21134 (A firmware update vulnerability exists in the "update"
 CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
 	NOTE: Causes a regression:
@@ -163375,6 +163383,7 @@ CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges
 CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
+	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f
 CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -28,10 +28,6 @@ linux (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
-netatalk/oldstable
-  open regression with MacOS, tentative patch not yet merged upstream
-  See discussion on team mailing list.
---
 nodejs
   maintainer proposed to follow the upstream 18.x LTS branch
 --
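Review bot: Removing the netatalk/oldstable block drops the only record in this patch of "open regression with MacOS, tentative patch not yet merged upstream" and of the pointer to the team mailing list discussion. None of the nine `[bullseye]` lines added in data/CVE/list carries that context. Suggest moving it into a NOTE on the affected entries in data/CVE/list before deleting it here, so the regression status stays visible after the package leaves dsa-needed.txt.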



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47e10f5e4fa3e62b6ccd454da791c8dd760788db
