[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add cairosvg to dla-needed.txt

Anton Gladky (@gladk) gladk at debian.org
Thu Mar 23 05:44:17 GMT 2023 


Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9a4b6ef by Anton Gladky at 2023-03-23T06:35:18+01:00
LTS: add cairosvg to dla-needed.txt

- - - - -
4eb3147e by Anton Gladky at 2023-03-23T06:39:48+01:00
Mark CVE-2023-1289 as postponed for buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2536,6 +2536,7 @@ CVE-2023-1289
 	RESERVED
 	- imagemagick <unfixed> (bug #1033254)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
+	[buster] - imagemagick <postponed> (Should be fixed together with some other CVEs)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
 CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA Live Co ...)


=====================================
data/dla-needed.txt
=====================================
@@ -23,6 +23,9 @@ apache2
   NOTE: 20230312: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
   NOTE: 20230312: Special attention: Double check an update! Package is used by many customers and users!.
 --
+cairosvg
+  NOTE: 20230323: Programming language: Python.
+--
 ceph
   NOTE: 20221031: Programming language: C++.
   NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ed43841f38719e4bc2339a4b3daf89f5bf9b47a7...4eb3147efe322b3bd57a98dc2736db546cda8fe7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ed43841f38719e4bc2339a4b3daf89f5bf9b47a7...4eb3147efe322b3bd57a98dc2736db546cda8fe7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230323/a3e05e67/attachment.htm>

More information about the debian-security-tracker-commits mailing list