[Git][security-tracker-team/security-tracker][master] Reserve DLA-3307-1 for openjdk-11

Mon Feb 6 14:58:17 GMT 2023


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05217da4 by Emilio Pozuelo Monfort at 2023-02-06T15:57:55+01:00
Reserve DLA-3307-1 for openjdk-11

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -36748,7 +36748,6 @@ CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	{DSA-5335-1 DSA-5331-1}
 	- openjdk-11 11.0.17+8-1
-	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
 CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...)
 	NOT-FOR-US: GLPI plugin
@@ -96102,7 +96101,6 @@ CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	{DSA-5335-1 DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
-	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
 CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox 6.1.40-dfsg-1
@@ -96111,14 +96109,12 @@ CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	{DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
-	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.31-1 (bug #1024016)
 CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	{DSA-5335-1 DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
-	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
 CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
 	NOT-FOR-US: Oracle
@@ -96134,7 +96130,6 @@ CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	{DSA-5335-1 DSA-5331-1}
 	- openjdk-8 8u352-ga-1
 	- openjdk-11 11.0.17+8-1
-	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
 CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	{DSA-5335-1}


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Feb 2023] DLA-3307-1 openjdk-11 - security update
+	{CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
+	[buster] - openjdk-11 11.0.18+10-1~deb10u1
 [01 Feb 2023] DLA-3306-1 python-django - security update
 	{CVE-2023-23969}
 	[buster] - python-django 1:1.11.29-1+deb10u6


=====================================
data/dla-needed.txt
=====================================
@@ -196,10 +196,6 @@ openimageio
   NOTE: 20221225: Programming language: C.
   NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
 --
-openjdk-11 (Emilio)
-  NOTE: 20230123: Programming language: Java.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/openjdk-11.git
---
 php-cas
   NOTE: 20221105: Programming language: PHP.
   NOTE: 20221105: The fix is not backwards compatible. Should be investigated further whether this issue should be solved or ignored.. (ola)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05217da4e2f52e14a0191946f22bc24d9a54ecd2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05217da4e2f52e14a0191946f22bc24d9a54ecd2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230206/00a30e7b/attachment.htm>
