[Git][security-tracker-team/security-tracker][master] lts: triage CVE-2022-4055/xdg-utils as no-dsa for buster

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Thu Feb 2 10:04:00 GMT 2023 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7403df6 by Emilio Pozuelo Monfort at 2023-02-02T11:03:07+01:00
lts: triage CVE-2022-4055/xdg-utils as no-dsa for buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17246,6 +17246,7 @@ CVE-2022-4056
 CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, improp ...)
 	- xdg-utils <unfixed> (bug #1027160)
 	[bullseye] - xdg-utils <no-dsa> (Minor issue)
+	[buster] - xdg-utils <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
 	NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
 CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions starting ...)


=====================================
data/dla-needed.txt
=====================================
@@ -301,12 +301,6 @@ wireshark
   NOTE: 20230123: Programming language: C.
   NOTE: 20230123: 7 new CVEs + 3 postponed ones. Would be good to not let them pile up like last time. (utkarsh).
 --
-xdg-utils
-  NOTE: 20221120: Programming language: C.
-  NOTE: 20221120: no real fix yet
-  NOTE: 20230111: VCS: https://salsa.debian.org/freedesktop-team/xdg-utils
-  NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used
---
 xfig (gladk)
   NOTE: 20230105: Programming language: C.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7403df6090d5e272270c43216be8cff20066d42

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7403df6090d5e272270c43216be8cff20066d42
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230202/b4698dc1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list