[Git][security-tracker-team/security-tracker][master] dla: check bullseye 11.6 updates
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Jan 5 16:58:29 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0c711cf by Sylvain Beucler at 2023-01-05T17:57:58+01:00
dla: check bullseye 11.6 updates
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -20326,7 +20326,6 @@ CVE-2022-3478
CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
- powerline-gitstatus 1.3.2-1
[bullseye] - powerline-gitstatus 1.3.2-0+deb11u1
- [buster] - powerline-gitstatus <ignored> (Minor issue and solution require the user to reconfigure)
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...)
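Review bot: The removed `[buster] - powerline-gitstatus <ignored>` line recorded a triage decision with a stated reason (minor issue, fix requires the user to reconfigure), and the commit message "dla: check bullseye 11.6 updates" does not say that this decision is being reversed. Suggest saying so in the commit message, or leaving a NOTE under CVE-2022-42906 that buster was reopened because bullseye shipped 1.3.2-0+deb11u1, so the history of the entry explains why the earlier reason no longer holds.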
=====================================
data/dla-needed.txt
=====================================
@@ -45,6 +45,10 @@ curl (Roberto C. Sánchez)
NOTE: 20230103: Sorted out issue with broken CVE fix in stable, working with secteam to land the fix (roberto)
NOTE: 20230103: Packages ready for bullseye and buster, syncing ELTS releases (roberto)
--
+dojo
+ NOTE: 20230105: Programming language: JavaScript.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
erlang
NOTE: 20221119: Programming language: Erlang.
NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch)
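Review bot: The new dojo entry says only "Follow fixes from bullseye 11.6" and does not name the CVE ids that the point release fixed, so whoever claims the package has to rediscover them. The erlang entry right below it shows the more useful form ("at least CVE-2022-37026 needs to be fixed"); suggest adding the ids to the dojo NOTE in the same way.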
@@ -103,6 +107,14 @@ kopanocore
lava
NOTE: 20221127: Programming language: Python.
--
+lemonldap-ng
+ NOTE: 20230105: Programming language: Perl.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
+libapache2-mod-auth-mellon
+ NOTE: 20230105: Programming language: C.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
libapreq2
NOTE: 20221031: Programming language: C.
--
@@ -129,6 +141,10 @@ libsdl2
libstb
NOTE: 20221111: Programming language: C.
--
+libtasn1-6
+ NOTE: 20230105: Programming language: C.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
libxstream-java
NOTE: 20221231: Programming language: Java.
NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/libxstream-java.git
@@ -175,6 +191,10 @@ node-got
NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
--
+node-minimatch
+ NOTE: 20230105: Programming language: JavaScript.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
node-moment
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
@@ -189,6 +209,10 @@ node-object-path
NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
NOTE: 20221223: Functional part of CVE-2021-3805 might be https://gist.github.com/lamby/ebf0633837f16d174138bbf36bef38f3/raw (lamby)
--
+node-qs
+ NOTE: 20230105: Programming language: JavaScript.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
node-url-parse
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues (Beuc/front-desk)
@@ -224,6 +248,10 @@ pluxml
NOTE: 20220913: Programming language: PHP.
NOTE: 20220913: Special attention: orphaned package.
--
+powerline-gitstatus
+ NOTE: 20230105: Programming language: Python.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
protobuf
NOTE: 20221031: Programming language: Several.
NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf.
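Review bot: The powerline-gitstatus entry added here drops the caveat that the `<ignored>` line removed from data/CVE/list in this same commit carried: "solution require the user to reconfigure". Suggest adding a third NOTE that repeats it, so the person preparing the buster update knows the fix needs a configuration change on the user's side and can say so in the advisory.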
@@ -342,6 +370,10 @@ xdg-utils
NOTE: 20221120: Programming language: C.
NOTE: 20221120: no real fix yet
--
+xfig
+ NOTE: 20230105: Programming language: C.
+ NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
xrdp (Abhijith PA)
NOTE: 20221225: Programming language: C.
NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c711cf449c3a185a3d8d884d28181c92423b6e