[Git][security-tracker-team/security-tracker][master] Reserve DLA-3459-1 for libxpm

Bastien Roucariès (@rouca) rouca at debian.org
Tue Jun 20 08:56:41 BST 2023



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5353d5d by Bastien Roucariès at 2023-06-20T07:56:19+00:00
Reserve DLA-3459-1 for libxpm

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -30105,7 +30105,6 @@ CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <
 CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz exten ...)
 	- libxpm 1:3.5.12-1.1
 	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-	[buster] - libxpm <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff916696d0a14308ff4f3a376 (libXpm-3.5.15)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/8178eb0834d82242e1edbc7d4fb0d1b397569c68 (libXpm-3.5.15)
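
Review bot: with the "[buster] - libxpm <no-dsa> (Minor issue)" line removed, the CVE-2022-4883 entry no longer carries any buster line, so the buster fix is recorded only through the DLA-3459-1 entry in data/DLA/list. The neighbouring entry in this hunk's header is CVE-2022-4884 (Checkmk), one digit away, so the ID in the DLA brace list should be checked character by character; it reads CVE-2022-4883 there, which matches this entry.
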
@@ -30156,13 +30155,11 @@ CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-W
 CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
 	- libxpm 1:3.5.12-1.1
 	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-	[buster] - libxpm <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8 (libXpm-3.5.15)
 CVE-2022-44617 (A flaw was found in libXpm. When processing a file with width of 0 and ...)
 	- libxpm 1:3.5.12-1.1
 	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-	[buster] - libxpm <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb287c0030c9913b046643 (libXpm-3.5.15)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/c5ab17bcc34914c0b0707d2135dbebe9a367c5f0 (libXpm-3.5.15)
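
Review bot: dropping "<no-dsa>" for CVE-2022-44617 is only accurate if the buster upload carries both upstream commits NOTEd under it (f80fa6ae... and c5ab17bc...), and likewise a3a7c6dc... for CVE-2022-46285. A partial backport would leave the tracker reporting buster as fixed while one of the parsing flaws remains, so it is worth confirming the deb10u1 patch series against these three NOTE lines before the DLA is published.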


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Jun 2023] DLA-3459-1 libxpm - security update
+	{CVE-2022-4883 CVE-2022-44617 CVE-2022-46285}
+	[buster] - libxpm 1:3.5.12-1+deb10u1
 [20 Jun 2023] DLA-3458-1 php7.3 - security update
 	{CVE-2023-3247}
 	[buster] - php7.3 7.3.31-1~deb10u4
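
Review bot: the version on the new "[buster] - libxpm 1:3.5.12-1+deb10u1" line should sort below the bullseye fix "1:3.5.12-1.1~deb11u1" shown in data/CVE/list, otherwise a buster to bullseye upgrade could fail to replace the package. It does: in dpkg ordering the revision "1+deb10u1" is lower than "1.1~deb11u1", so the upgrade path is preserved. The brace list also names exactly the three CVEs whose "<no-dsa>" lines are removed in data/CVE/list, so the two files agree.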


=====================================
data/dla-needed.txt
=====================================
@@ -109,10 +109,6 @@ libusrsctp (rouca)
 libx11 (Adrian Bunk)
   NOTE: 20230615: Added by Front-Desk (opal)
 --
-libxpm (rouca)
-  NOTE: 20230619: Added by Front-Desk (Beuc)
-  NOTE: 20230619: Follow fixes from bullseye 11.3 (Beuc/front-desk)
---
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
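
Review bot: the removed note "Follow fixes from bullseye 11.3 (Beuc/front-desk)" was the only place that explained why libxpm moved from "Minor issue" to a DLA, and the commit message does not repeat it. A one-line body in the commit message with that rationale would keep it discoverable without digging through the history of data/dla-needed.txt. The removal itself is clean: the libxpm block goes together with its trailing "--", leaving the libx11 and linux blocks correctly separated.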



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5353d5daf63aca8315b0345d20aa0d377a49b35
