[Git][security-tracker-team/security-tracker][master] 3 commits: Added sabnzbdplus to dla-needed.

Ola Lundqvist (@opal) opal at debian.org
Sun Jun 18 21:15:48 BST 2023 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61a98063 by Ola Lundqvist at 2023-06-18T22:06:32+02:00
Added sabnzbdplus to dla-needed.

- - - - -
75065857 by Ola Lundqvist at 2023-06-18T22:10:18+02:00
Added ruby-doorkeeper to dla-needed.

- - - - -
166b377d by Ola Lundqvist at 2023-06-18T22:13:44+02:00
Marked tomcat9 CVE-2023-23998 as no-dsa for buster.

The reasoning is that the same CVE for libcommons-fileupload-java is
declared as no-dsa and minor issue. Since that will not be fixed there
is no point to try to fix tomcat9 since it depends on libcommons-fileupload-java
to be fixed.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23244,6 +23244,7 @@ CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth method
 CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
 	- tomcat10 10.1.5-1
 	- tomcat9 9.0.70-2
+	[buster] - tomcat9 <no-dsa> (Minor issue)
 	- libcommons-fileupload-java 1.4-2 (bug #1031733)
 	[bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue)
 	[buster] - libcommons-fileupload-java <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -185,6 +185,9 @@ ring (Thorsten Alteholz)
   NOTE: 20230507: testing package
   NOTE: 20230605: upload timing could be improved here
 --
+ruby-doorkeeper
+  NOTE: 20230618: Added by Front-Desk (opal)
+--
 ruby-loofah
   NOTE: 20221231: Added by Front-Desk (ola)
   NOTE: 20230313: Pinged Daniel re. patches in repo ^. (lamby)
@@ -198,6 +201,9 @@ ruby-rails-html-sanitizer
 ruby-redcloth
   NOTE: 20230612: Added by Front-Desk (apo)
 --
+sabnzbdplus
+  NOTE: 20230618: Added by Front-Desk (opal)
+--
 salt
   NOTE: 20220814: Added by Front-Desk (gladk)
   NOTE: 20220814: I am not sure, whether it is possible to fix issues



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/077def48d552c9589362dbc35fd97d8679d74065...166b377d5a04c11b210e8a9b5c0d92f409144d19

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/077def48d552c9589362dbc35fd97d8679d74065...166b377d5a04c11b210e8a9b5c0d92f409144d19
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230618/39cb69eb/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list