[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-28100,CVE-2023-28101/flatpak: reference patches

Sylvain Beucler (@beuc) beuc at debian.org
Tue Jun 20 17:14:46 BST 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07f19f44 by Sylvain Beucler at 2023-06-20T18:13:02+02:00
CVE-2023-28100,CVE-2023-28101/flatpak: reference patches

- - - - -
d686a698 by Sylvain Beucler at 2023-06-20T18:14:28+02:00
dla: add flatpak

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14551,11 +14551,18 @@ CVE-2023-28101 (Flatpak is a system for building, distributing, and running sand
 	[bullseye] - flatpak 1.10.8-0+deb11u1
 	[buster] - flatpak <no-dsa> (Minor issue)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
+	NOTE: https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869 (1.15.4)
+	NOTE: https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c (1.15.4)
+	NOTE: https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c (1.15.4)
+	NOTE: https://github.com/flatpak/flatpak/commit/acd627a2fabe9856947399044dbf7aa79247c75b (1.10.8)
+	NOTE: https://github.com/flatpak/flatpak/commit/e88eedce76f79a5573df4fc38b344bbeaf7af024 (1.10.8)
 CVE-2023-28100 (Flatpak is a system for building, distributing, and running sandboxed  ...)
 	- flatpak 1.14.4-1 (bug #1033099)
 	[bullseye] - flatpak 1.10.8-0+deb11u1
 	[buster] - flatpak <no-dsa> (Minor issue)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
+	NOTE: https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 (1.15.4)
+	NOTE: https://github.com/flatpak/flatpak/commit/a9bf18040cc075a70657c6090a59d7f6fe78f893 (1.10.8)
 CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
 	NOT-FOR-US: OpenSIPS
 CVE-2023-28098 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)


=====================================
data/dla-needed.txt
=====================================
@@ -58,6 +58,10 @@ erlang (Markus Koschany)
   NOTE: 20221119: Added by Front-Desk (ta)
   NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch)
 --
+flatpak
+  NOTE: 20230620: Added by Front-Desk (Beuc)
+  NOTE: 20230620: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+--
 fusiondirectory (Abhijith PA)
   NOTE: 20221203: Added by Front-Desk (gladk)
   NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ac21a6809e0afba43fc939c07fe7843c088794...d686a6983f6d7b2fc100ed8551d3dc6fc3f95acc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ac21a6809e0afba43fc939c07fe7843c088794...d686a6983f6d7b2fc100ed8551d3dc6fc3f95acc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230620/99ead563/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list