[Git][security-tracker-team/security-tracker][master] 2 commits: Remove flatpak from dla-needed.txt

Markus Koschany (@apo) apo at debian.org
Thu Jul 13 10:25:05 BST 2023 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db5c0d5e by Markus Koschany at 2023-07-13T11:04:42+02:00
Remove flatpak from dla-needed.txt

CVE-2023-28100 and CVE-2023-28101 are minor issues and most users will install
their applications via GUIs and from trusted repositories anyway. An upgrade to
the 1.10.x series would require backports of at least bubblewrap and ostree.
This may or may not cause regressions in other applications. The risk to reward
ratio is rather unfavorable in this case and since targeted fixes are also
intrusive and sensible workarounds do exist, it is better to keep flatpak as is.

- - - - -
75cd45ad by Markus Koschany at 2023-07-13T11:24:44+02:00
Claim sabnzbdplus in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -46,10 +46,6 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk)
 --
-flatpak (Markus Koschany)
-  NOTE: 20230620: Added by Front-Desk (Beuc)
-  NOTE: 20230620: Follow fixes from bullseye 11.7 (2 CVEs) (Beuc/front-desk)
---
 glib2.0 (santiago)
   NOTE: 20230612: Added by Front-Desk (apo)
   NOTE: 20230710: WIP (santiago)
@@ -184,7 +180,7 @@ ruby-rails-html-sanitizer
   NOTE: 20221231: Added by Front-Desk (ola)
   NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with appropriate methods. (utkarsh)
 --
-sabnzbdplus
+sabnzbdplus (Markus Koschany)
   NOTE: 20230618: Added by Front-Desk (opal)
 --
 salt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ccec2a3c867b87227850127a62ac56c9d1b27359...75cd45adf1f2f872f2cf77151e66df7bf8a663ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ccec2a3c867b87227850127a62ac56c9d1b27359...75cd45adf1f2f872f2cf77151e66df7bf8a663ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230713/3ac2929e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list