[Git][security-tracker-team/security-tracker][master] Reserve DLA-3351-1 for apache2

Fri Mar 3 14:46:03 GMT 2023


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2f77ff7 by Lee Garrett at 2023-03-03T15:45:45+01:00
Reserve DLA-3351-1 for apache2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -132879,7 +132879,6 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
 CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
 	- apache2 2.4.48-4
 	[bullseye] - apache2 2.4.48-3.1+deb11u1
-	[buster] - apache2 <postponed> (Fix along with next DLA)
 	[stretch] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.25)
 	NOTE: https://portswigger.net/research/http2
 	NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c (2.4.49)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Mar 2023] DLA-3351-1 apache2 - security update
+	{CVE-2006-20001 CVE-2019-0215 CVE-2020-1927 CVE-2021-33193 CVE-2022-36760 CVE-2022-37436}
+	[buster] - apache2 2.4.38-3+deb10u9
 [03 Mar 2023] DLA-3350-1 node-css-what - security update
 	{CVE-2021-33587 CVE-2022-21222}
 	[buster] - node-css-what 2.1.0-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -18,12 +18,6 @@ rather than remove/replace existing ones.
   NOTE: 20221231: Few users. Low prio. (opal).
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git
 --
-apache2 (Lee Garrett)
-  NOTE: 20221227: Programming language: C.
-  NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
-  NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!.
-  NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)
---
 ceph
   NOTE: 20221031: Programming language: C++.
   NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230303/b1f60b14/attachment-0001.htm>
