[Git][security-tracker-team/security-tracker][master] Reserve DSA number for haproxy update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 28 12:36:36 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba650bc7 by Salvatore Bonaccorso at 2023-12-28T13:36:07+01:00
Reserve DSA number for haproxy update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22636,8 +22636,6 @@ CVE-2023-38103 [ZDI-CAN-21443: Integer overflow leading to heap overwrite in Rea
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1007/
 CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...)
 	- haproxy 2.6.15-1 (bug #1043502)
-	[bookworm] - haproxy <postponed> (Minor issue, fix along with future DSA)
-	[bullseye] - haproxy <postponed> (Minor issue, fix along with future DSA)
 	[buster] - haproxy <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/haproxy/haproxy/issues/2237
 	NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[28 Dec 2023] DSA-5590-1 haproxy - security update
+	{CVE-2023-40225 CVE-2023-45539}
+	[bullseye] - haproxy 2.2.9-2+deb11u6
+	[bookworm] - haproxy 2.6.12-1+deb12u1
 [27 Dec 2023] DSA-5589-1 nodejs - security update
 	{CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 CVE-2023-38552 CVE-2023-39333}
 	[bookworm] - nodejs 18.19.0+dfsg-6~deb12u1
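
Review bot: The CVE set `{CVE-2023-40225 CVE-2023-45539}` on the new DSA-5590-1 entry names two CVEs, but the data/CVE/list part of this commit only drops the `<postponed>` lines under CVE-2023-40225. Check that the CVE-2023-45539 entry carries no leftover `[bookworm]` or `[bullseye]` haproxy annotation such as `<postponed>`, and remove it in the same commit if it does, so the per-release status recorded there does not disagree with this DSA.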


=====================================
data/dsa-needed.txt
=====================================
@@ -24,8 +24,6 @@ gpac/oldstable
 --
 h2o (jmm)
 --
-haproxy (carnil)
---
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba650bc780fcf020fde063abdf282ad4ff277edb
