[Git][security-tracker-team/security-tracker][master] 4 commits: Claim asterisk in dla-needed.txt
Markus Koschany (@apo)
apo at debian.org
Tue Feb 21 23:18:30 GMT 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6add35c4 by Markus Koschany at 2023-02-22T00:14:42+01:00
Claim asterisk in dla-needed.txt
- - - - -
f31bc65e by Markus Koschany at 2023-02-22T00:14:58+01:00
Remove tiff from dla-needed.txt because all CVE have been fixed.
- - - - -
10c7f963 by Markus Koschany at 2023-02-22T00:15:24+01:00
Remove snakeyaml from dla-needed.txt
- - - - -
aaeebf94 by Markus Koschany at 2023-02-22T00:18:08+01:00
Remove nextcloud-desktop from dla-needed.txt and triage
the currently open issues as no-dsa because they are minor.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6496,6 +6496,7 @@ CVE-2023-23943 (Nextcloud mail is an email app for the nextcloud home server pla
CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files from a Nex ...)
- nextcloud-desktop 3.6.4-1
[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg
NOTE: https://github.com/nextcloud/desktop/pull/5233
NOTE: https://github.com/nextcloud/desktop/pull/5240
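Review bot: The added `[buster] - nextcloud-desktop <no-dsa> (Minor issue)` line copies the bullseye reason verbatim, and nothing in the entry records that the buster version was checked and found to contain the affected code. If it was checked, a short NOTE saying so would help. If the code is not present in buster, `<not-affected>` with a reason would describe the state more accurately than `<no-dsa>`.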
@@ -33933,6 +33934,7 @@ CVE-2022-41883 (TensorFlow is an open source platform for machine learning. When
CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
- nextcloud-desktop 3.6.1-1
[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
NOTE: https://github.com/nextcloud/desktop/pull/5039
NOTE: https://github.com/nextcloud/server/pull/34559
@@ -40308,24 +40310,28 @@ CVE-2022-39335
CVE-2022-39334 (Nextcloud desktop is the desktop sync client for Nextcloud. Versions p ...)
- nextcloud-desktop 3.6.1-1
[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
NOTE: https://github.com/nextcloud/desktop/issues/4927
NOTE: https://github.com/nextcloud/desktop/pull/5022
CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
- nextcloud-desktop 3.6.1-1
[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1711847
CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
- nextcloud-desktop 3.6.1-1
[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1668028
CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
- nextcloud-desktop 3.6.1-1
[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
NOTE: https://github.com/nextcloud/desktop/pull/4944
NOTE: https://hackerone.com/reports/1668028
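Review bot: All five entries in this hunk (CVE-2022-39334 through CVE-2022-39331) receive the identical reason `(Minor issue)`, which makes the triage hard to audit later. Three of the truncated descriptions begin "An attacker ..." and link HackerOne reports. A reason specific to each CVE in the parentheses, or one NOTE per entry stating what limits the impact on buster, would let a later reader re-evaluate the decision without re-reading the upstream advisories.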
=====================================
data/dla-needed.txt
=====================================
@@ -23,7 +23,7 @@ apache2 (Lee Garrett)
NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!.
--
-asterisk
+asterisk (Markus Koschany)
NOTE: 20221211: Programming language: C.
NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/asterisk.git
--
@@ -154,11 +154,6 @@ netatalk
NOTE: 20221212: VCS: https://salsa.debian.org/lts-team/packages/netatalk
NOTE: 20221212: Work is ongoing. CVE-2022-0194 is probably too intrusive. (gladk)
--
-nextcloud-desktop
- NOTE: 20221128: Programming language: C++.
- NOTE: 20221128: VCS: https://salsa.debian.org/owncloud-team/nextcloud-desktop
- NOTE: 20221128: Please coordinate with maintainer the usage of their git-repo (gladk).
---
nheko
NOTE: 20230101: Programming language: C++.
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/nheko.git
@@ -317,12 +312,6 @@ samba
NOTE: 20220904: Special attention: High popcon! Used in many servers.
NOTE: 20220904: Many postponed or open CVE in general. (apo)
--
-snakeyaml
- NOTE: 20230101: Programming language: Java.
- NOTE: 20230120: There is ongoing upstream discussion at
- NOTE: 20230120: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
- NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/snakeyaml.git
---
sofia-sip (Adrian Bunk)
NOTE: 20230220: Programming language: C.
NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/sofia-sip.git
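Review bot: The removed snakeyaml block carries a note about ongoing upstream discussion on CVE-2022-1471, but the commit message "Remove snakeyaml from dla-needed.txt" gives no reason for the removal, and the data/CVE/list hunks in this push only touch nextcloud-desktop. Please state in the commit message whether the package was fixed, triaged as no-dsa or ignored, and make sure data/CVE/list records the matching status for buster.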
@@ -336,11 +325,6 @@ sssd
NOTE: 20230131: Programming language: C.
NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
--
-tiff
- NOTE: 20230222: Programming language: C.
- NOTE: 20230222: VCS: https://salsa.debian.org/lts-team/packages/tiff.git
- NOTE: 20230222: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/tiff.html
---
tinymce
NOTE: 20221227: Programming language: PHP.
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git
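Review bot: The removed tiff entry has NOTE lines dated 20230222, the same day as this commit, so it was added and dropped within a day on the strength of "all CVE have been fixed". The commit message does not name the DLA or upload that fixed them. Referencing it would make the removal verifiable from the history alone.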
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb5bbbd68fe2dd5015e6ccd884cddf71eb98061a...aaeebf94508e7fc456cc63c18531087710858f81