[Git][security-tracker-team/security-tracker][master] 2 commits: Mark crun's embedded yajl copy as unused (not-affected)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 14 04:27:19 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
950a32b0 by Faidon Liambotis at 2023-07-14T00:33:13+03:00
Mark crun's embedded yajl copy as unused (not-affected)

The embedded copy is unused in the binaries and this has been the case
for all historical releases as well, including all security-supported
stable releases.

Using it would require passing --enable-embedded-yajl to ./configure, so
highly unlikely. A "grep -q yajl debian/crun.substvars" to dh_gencontrol
was added as an additional safeguard. A note also exists in the
package's debian/copyright.

See bugs #1039083 and #1040147 for additional information.

- - - - -
23b458d8 by Salvatore Bonaccorso at 2023-07-14T03:27:09+00:00
Merge branch 'crun-yajl' into 'master'

Mark crun's embedded yajl copy as unused (not-affected)

See merge request security-tracker-team/security-tracker!141
- - - - -


1 changed file:

- data/embedded-code-copies


Changes:

=====================================
data/embedded-code-copies
=====================================
@@ -1264,7 +1264,8 @@ yajl
 	- argyll <unfixed> (embed; bug #544223)
 	- burp <unfixed> (embed; bug #1039085)
 	- collada2gltf <unfixed> (embed; bug #1039086)
-	- crun <unfixed> (embed; bug #1039083)
+	- crun <not-affected> (embed; bug #1039083; linked dynamically against libyajl from beginning of the packaging)
+	NOTE: embedded copy is unused, linked dynamically against libyajl instead
 	- epics-base <unfixed> (embed; bug #1039087)
 	NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
 	- lnav <unfixed> (embed; bug #724693)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61eeb433da33be6a6557026d66bfa8910fb037da...23b458d845f671df3625c73331c8b05925448767
