[Git][security-tracker-team/security-tracker][master] 10 commits: LTS: add apache2 to dla-needed.txt
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Mar 12 23:27:42 GMT 2023
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51777719 by Thorsten Alteholz at 2023-03-12T23:55:29+01:00
LTS: add apache2 to dla-needed.txt
- - - - -
98184fc7 by Thorsten Alteholz at 2023-03-13T00:01:28+01:00
LTS: add ruby-racks to dla-needed.txt
- - - - -
a92e695d by Thorsten Alteholz at 2023-03-13T00:03:12+01:00
Revert "LTS: add ruby-racks to dla-needed.txt"
This reverts commit 98184fc75622fb669ea31ef6b2dab480d30d2af2.
- - - - -
7bf298af by Thorsten Alteholz at 2023-03-13T00:04:21+01:00
LTS: add ruby-rack to dla-needed.txt
- - - - -
7b32c923 by Thorsten Alteholz at 2023-03-13T00:06:03+01:00
LTS: add libmicrohttpd to dla-needed.txt
- - - - -
88a111f9 by Thorsten Alteholz at 2023-03-13T00:08:05+01:00
mark CVE-2021-33367 as no-dsa for Buster
- - - - -
83fe56dd by Thorsten Alteholz at 2023-03-13T00:09:05+01:00
mark CVE-2022-3213 as no-dsa for Buster
- - - - -
6fd1fd35 by Thorsten Alteholz at 2023-03-13T00:14:48+01:00
mark CVE-2021-37519 as not-affected for Buster
- - - - -
1bdc1a56 by Thorsten Alteholz at 2023-03-13T00:22:00+01:00
claim libmicrohttpd
- - - - -
f36b5073 by Thorsten Alteholz at 2023-03-13T00:27:09+01:00
LTS: add redis to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -42329,6 +42329,7 @@ CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy man
CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
- imagemagick <unfixed> (bug #1021141)
[bullseye] - imagemagick <no-dsa> (Minor issue)
+ [buster] - imagemagick <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824
NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
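Review bot: On the added `[buster] - imagemagick <no-dsa> (Minor issue)` line, the reason is copied from the bullseye line although the entry's NOTE lines already reference an ImageMagick6 fix commit. If the intent is to pick that commit up with a later buster upload, `<postponed>` with a short reason would record it; otherwise a few words on why a heap buffer overflow counts as minor for buster would make the triage reviewable.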
@@ -124337,6 +124338,7 @@ CVE-2021-37520
CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows att ...)
- memcached 1.6.10+dfsg-1
[bullseye] - memcached <no-dsa> (Minor issue)
+ [buster] - memcached <not-affected> (Vulnerable code not present)
NOTE: https://github.com/memcached/memcached/issues/805
NOTE: https://github.com/memcached/memcached/commit/ddee3e27a031be22f5f28c160be18fd3cb9bc63d (1.6.10)
CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extensio ...)
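Review bot: The added `[buster] - memcached <not-affected> (Vulnerable code not present)` line gives no pointer for checking the claim. The description places the overflow in authfile.c, and the only version information in the entry is the fix commit tagged (1.6.10); a NOTE naming the commit or release that introduced the vulnerable code would let the next reader confirm that buster's memcached predates it.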
@@ -134362,6 +134364,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attack
- freeimage <unfixed> (bug #1032666)
[bookworm] - freeimage <no-dsa> (Minor issue)
[bullseye] - freeimage <no-dsa> (Minor issue)
+ [buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/
CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
- gpac <unfixed> (unimportant)
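Review bot: The added `[buster] - freeimage <no-dsa> (Minor issue)` line repeats the bookworm and bullseye reason, while the entry is `<unfixed>` and the only NOTE visible is a discussion thread, with no fix commit. If the missing upstream patch is what drives the decision, stating that in the reason text would be more useful than "Minor issue" when the entry is revisited.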
=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,11 @@ rather than remove/replace existing ones.
NOTE: 20221231: Few users. Low prio. (opal).
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git
--
+apache2
+ NOTE: 20230312: Programming language: C.
+ NOTE: 20230312: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
+ NOTE: 20230312: Special attention: Double check an update! Package is used by many customers and users!.
+--
ceph
NOTE: 20221031: Programming language: C++.
NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.
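Review bot: In the new apache2 entry, the "Special attention" NOTE ends with "users!." where a period follows the exclamation mark; drop one of the two. The entry is also added unclaimed while flagged as needing a double check, so a NOTE saying what the second check should cover would help whoever claims it.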
@@ -102,6 +107,9 @@ intel-microcode (tobi)
NOTE: 20230310: will first fix unstable and stable, then proceed with LTS and ELTS, using the same new upstream version. (tobi)
NOTE: 20230312: uploaded to DELAYED/5 for unstable.
--
+libmicrohttpd (Thorsten Alteholz)
+ NOTE: 20230313: Programming language: C.
+--
libreoffice
NOTE: 20221012: Programming language: C++.
NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git
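Review bot: The new libmicrohttpd entry has a claimant and a "Programming language" NOTE but no "VCS:" NOTE, unlike the apache2, redis and ruby-rack entries added in the same push and the neighbouring libreoffice entry. Add the repository line, or a NOTE that no packaging repository exists yet, so the work can be followed while the package is claimed.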
@@ -246,6 +254,10 @@ rainloop
NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk)
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rainloop.git
--
+redis
+ NOTE: 20230313: Programming language: C.
+ NOTE: 20230313: VCS: https://salsa.debian.org/lamby/pkg-redis.git
+--
ring
NOTE: 20221120: Programming language: C.
NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
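Review bot: The VCS NOTE in the new redis entry points to salsa.debian.org/lamby/pkg-redis.git, a personal namespace, while every other VCS line visible in this diff points under lts-team/packages/. If that is deliberately the maintainer's repository, a short NOTE saying so (and which branch LTS uploads go to) would avoid someone preparing the update in the wrong place.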
@@ -254,6 +266,10 @@ ruby-loofah (Daniel Leidert)
NOTE: 20221231: Programming language: Ruby.
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/ruby-loofah.git
--
+ruby-rack
+ NOTE: 20230313: Programming language: Ruby.
+ NOTE: 20230313: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git
+--
ruby-rails-html-sanitizer
NOTE: 20221231: Programming language: Ruby.
NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/392ff63012d3b582d96f91198a57d66731325a92...f36b507333a2efcfd56b4e18ee8333af5f012601