[Git][security-tracker-team/security-tracker][master] 11 commits: LTS: add freeradius to dla-needed.txt

Markus Koschany (@apo) apo at debian.org
Sun Feb 19 20:32:55 GMT 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92ad2370 by Markus Koschany at 2023-02-19T21:27:08+01:00
LTS: add freeradius to dla-needed.txt

- - - - -
7a305a92 by Markus Koschany at 2023-02-19T21:27:09+01:00
CVE-2023-25193,harfbuzz: Buster is no-dsa

Minor issue

- - - - -
aa8f8b08 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add intel-microcode to dla-needed.txt

- - - - -
32e325e3 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add nss to dla-needed.txt

- - - - -
6e4df0b7 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-cryptography to dla-needed.txt

- - - - -
b7273199 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-django to dla-needed.txt

- - - - -
f00ec304 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-werkzeug to dla-needed.txt

- - - - -
bdad6aed by Markus Koschany at 2023-02-19T21:27:10+01:00
CVE-2022-4254,sssd: Mark Buster as no-dsa

Minor issue

- - - - -
493b9372 by Markus Koschany at 2023-02-19T21:27:12+01:00
CVE-2022-4254,sssd: Remove superfluous Bullseye entry

The issue was fixed in 2.3.1 and Bullseye has 2.4.1

- - - - -
45bb9012 by Markus Koschany at 2023-02-19T21:27:12+01:00
LTS: add amanda to dla-needed.txt

- - - - -
900565f6 by Markus Koschany at 2023-02-19T21:27:23+01:00
Claim nss in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2565,6 +2565,7 @@ CVE-2015-10073 (A vulnerability, which was classified as problematic, was found
 CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...)
 	- harfbuzz <unfixed> (bug #1030612)
 	[bullseye] - harfbuzz <no-dsa> (Minor issue)
+	[buster] - harfbuzz <no-dsa> (Minor issue)
 	NOTE: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
 CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 and classified a ...)
 	NOT-FOR-US: Gimmie
@@ -18036,7 +18037,7 @@ CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE fr
 	- gitlab <not-affected> (Specific to EE)
 CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ...)
 	- sssd 2.3.1-1
-	[bullseye] - sssd <no-dsa> (Minor issue)
+	[buster] - sssd <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
 	NOTE: https://github.com/SSSD/sssd/issues/5135
 	NOTE: https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
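Review bot: the added `[buster] - sssd <no-dsa> (Minor issue)` line reuses the generic reason from the `[bullseye]` line it replaces. The description above concerns unsanitised certificate data used in LDAP filters, so a reason specific to buster would make the triage decision easier to audit later. Dropping the `[bullseye]` line is consistent with the `- sssd 2.3.1-1` fixed version directly above it.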


=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,11 @@ rather than remove/replace existing ones.
   NOTE: 20221231: Few users. Low prio. (opal).
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git
 --
+amanda
+  NOTE: 20230219: Programming language: C.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/amanda.git
+  NOTE: 20230219: Special attention: Privilege escalation.
+--
 apache2 (Lee Garrett)
   NOTE: 20221227: Programming language: C.
   NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
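Review bot: the new amanda entry flags `Special attention: Privilege escalation.` but does not say which CVE or bug the warning refers to. Adding the identifier in a further NOTE line would let whoever claims the package find the issue without searching data/CVE/list.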
@@ -57,6 +62,10 @@ firmware-nonfree
   NOTE: 20221211: Programming language: Binary blob
   NOTE: 20221211: VCS: https://salsa.debian.org/lts-team/packages/firmware-nonfree.git
 --
+freeradius
+  NOTE: 20230219: Programming language: C.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/freeradius.git
+--
 fusiondirectory
   NOTE: 20221203: Programming language: PHP.
   NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).
@@ -103,6 +112,10 @@ imagemagick (Roberto C. Sánchez)
   NOTE: 20220904: Should be synced with Stretch. (apo)
   NOTE: 20221212: Integrated patches for 31 CVEs so far and continuing to work. (roberto)
 --
+intel-microcode
+  NOTE: 20230219: Programming language: Binary blob.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/intel-microcode.git
+--
 kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) (gusnan/retired)
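Review bot: `Programming language: Binary blob.` on the new intel-microcode entry is a third spelling of the same value in this file, next to `Binary blob` without a full stop under firmware-nonfree and `binary blob.` under nvidia-graphics-drivers. Settling on one spelling keeps the field easy to grep.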
@@ -174,6 +187,10 @@ nodejs
   NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster.
   NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
 --
+nss (Markus Koschany)
+  NOTE: 20230219: Programming language: C.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/nss.git
+--
 nvidia-graphics-drivers
   NOTE: 20221225: Programming language: binary blob.
   NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)
@@ -216,10 +233,23 @@ puppet-module-puppetlabs-mysql
   NOTE: 20221107: Programming language: Puppet, Ruby.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/puppet-module-puppetlabs-mysql.git
 --
+python-cryptography
+  NOTE: 20230219: Programming language: Python.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/python-cryptography.git
+--
+python-django
+  NOTE: 20230219: Programming language: Python.
+  NOTE: 20230219: VCS: https://salsa.debian.org/python-team/packages/python-django
+  NOTE: 20230219: Special attention: Chris Lamb is the maintainer.
+--
 python-oslo.privsep
   NOTE: 20221231: Programming language: Python.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
 --
+python-werkzeug
+  NOTE: 20230219: Programming language: Python.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/python-werkzeug.git
+--
 qemu
   NOTE: 20221108: Programming language: C.
   NOTE: 20221108: I updated the status of all opened (minor) CVEs to more clearly state whether we can fix or are waiting for a patch,
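Review bot: the python-django `VCS:` line points at `python-team/packages/python-django` with no `.git` suffix, while the other entries added in this hunk use `lts-team/packages/<name>.git`. If that is deliberate because of the maintainer named on the following NOTE line, say so there; otherwise align the URL form so the field is uniform across entries.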



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/213baf8d1f9ad63cbb3f35165afe73e046c33918...900565f6d1ee995b7b3dadb93769bd5cbf112254
