[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa for buster for CVEs fixed in the DLA

Tue Jan 31 18:44:18 GMT 2023


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab5e76a5 by Adrian Bunk at 2023-01-31T20:43:01+02:00
Remove no-dsa for buster for CVEs fixed in the DLA

- - - - -
5a1a9751 by Adrian Bunk at 2023-01-31T20:43:59+02:00
Reserve DLA-3304-1 for fig2dev

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -127379,7 +127379,6 @@ CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-
 CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer deref ...)
 	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-5 (bug #960736)
-	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/107/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/
@@ -185415,7 +185414,6 @@ CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without
 CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
 	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
-	[buster] - fig2dev <no-dsa> (Minor issue)
 	[stretch] - fig2dev <not-affected> (Vulnerable code introduced later)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/76/
@@ -185792,7 +185790,6 @@ CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_text
 CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
 	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
-	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/64/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
@@ -185800,7 +185797,6 @@ CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfo
 CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
 	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
-	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/63/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8)
@@ -185814,7 +185810,6 @@ CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects
 CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
 	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
-	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/65/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3304-1 fig2dev - security update
+	{CVE-2020-21529 CVE-2020-21531 CVE-2020-21532 CVE-2020-21676 CVE-2021-32280}
+	[buster] - fig2dev 1:3.2.7a-5+deb10u5
 [31 Jan 2023] DLA-3303-1 ruby-git - security update
 	{CVE-2022-25648 CVE-2022-46648 CVE-2022-47318}
 	[buster] - ruby-git 1.2.8-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -45,10 +45,6 @@ erlang
   NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang
   NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used.
 --
-fig2dev (Adrian Bunk)
-  NOTE: 20230105: Programming language: C.
-  NOTE: 20230105: Harmonize with bullseye 11.5 and stretch (Beuc/front-desk)
---
 firmware-nonfree
   NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
   NOTE: 20221204: Coming soon in the first week of December. (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d2c787fd954c29697bd0a24f1665de99ecccaa37...5a1a97514f876423316f62503edae8b9b263a0d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d2c787fd954c29697bd0a24f1665de99ecccaa37...5a1a97514f876423316f62503edae8b9b263a0d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230131/6a235625/attachment-0001.htm>
