[Git][security-tracker-team/security-tracker][master] Reserve DLA-3351-1 for apache2
Lee Garrett (@lgarrett)
gitlab at salsa.debian.org
Fri Mar 3 14:46:03 GMT 2023
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f2f77ff7 by Lee Garrett at 2023-03-03T15:45:45+01:00
Reserve DLA-3351-1 for apache2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -132879,7 +132879,6 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
- apache2 2.4.48-4
[bullseye] - apache2 2.4.48-3.1+deb11u1
- [buster] - apache2 <postponed> (Fix along with next DLA)
[stretch] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.25)
NOTE: https://portswigger.net/research/http2
NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c (2.4.49)
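Review bot: In data/CVE/list only the CVE-2021-33193 entry loses its `[buster] - apache2 <postponed> (Fix along with next DLA)` line, while DLA-3351-1 in data/DLA/list names six CVEs and this commit shows no other hunk in this file. Please confirm that none of the other five (CVE-2006-20001, CVE-2019-0215, CVE-2020-1927, CVE-2022-36760, CVE-2022-37436) still carries a buster `<postponed>` or similar annotation that would contradict the 2.4.38-3+deb10u9 entry. Leaving the `[stretch]` line untouched matches a buster-only update.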
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Mar 2023] DLA-3351-1 apache2 - security update
+ {CVE-2006-20001 CVE-2019-0215 CVE-2020-1927 CVE-2021-33193 CVE-2022-36760 CVE-2022-37436}
+ [buster] - apache2 2.4.38-3+deb10u9
[03 Mar 2023] DLA-3350-1 node-css-what - security update
{CVE-2021-33587 CVE-2022-21222}
[buster] - node-css-what 2.1.0-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -18,12 +18,6 @@ rather than remove/replace existing ones.
NOTE: 20221231: Few users. Low prio. (opal).
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git
--
-apache2 (Lee Garrett)
- NOTE: 20221227: Programming language: C.
- NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
- NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!.
- NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)
---
ceph
NOTE: 20221031: Programming language: C++.
NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.
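Review bot: Removing the whole apache2 block from data/dla-needed.txt also deletes `NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)`, and CVE-2019-17567 is not among the CVEs listed for DLA-3351-1. After this commit that decision is recorded nowhere in the visible changes. Suggest carrying the reasoning over to the CVE-2019-17567 entry in data/CVE/list as a `[buster]` annotation with the reason in parentheses, in the same style as the `<postponed>` lines there, so the CVE does not look untriaged for buster.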
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2