[Git][security-tracker-team/security-tracker][master] Reserve DLA-3491-1 for erlang

Markus Koschany (@apo) apo at debian.org
Tue Jul 11 14:15:22 BST 2023 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7017131 by Markus Koschany at 2023-07-11T15:15:09+02:00
Reserve DLA-3491-1 for erlang

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -70180,7 +70180,6 @@ CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to in
 CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before  ...)
 	- erlang 1:24.3.4.5+dfsg-1 (bug #1024632)
 	[bullseye] - erlang 1:23.2.6+dfsg-1+deb11u1
-	[buster] - erlang <no-dsa> (Minor issue)
 	NOTE: https://erlangforums.com/t/otp-25-1-released/1854
 	NOTE: Fixed by: https://github.com/erlang/otp/commit/cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 (OTP-23.3.4.15)
 	NOTE: Followup: https://github.com/erlang/otp/commit/6a1baa36e4e6c1b682e8b48e0c141602e0b8e6e5 (OTP-23.3.4.17)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Jul 2023] DLA-3491-1 erlang - security update
+	{CVE-2022-37026}
+	[buster] - erlang 1:22.2.7+dfsg-1+deb10u1
 [11 Jul 2023] DLA-3490-1 thunderbird - security update
 	{CVE-2023-37201 CVE-2023-37202 CVE-2023-37207 CVE-2023-37208 CVE-2023-37211}
 	[buster] - thunderbird 1:102.13.0-1~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -46,10 +46,6 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk)
 --
-erlang (Markus Koschany)
-  NOTE: 20221119: Added by Front-Desk (ta)
-  NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch)
---
 flatpak
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f701713162cbc88633896824e8c405a1096819b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f701713162cbc88633896824e8c405a1096819b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230711/44b89082/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list