[Git][security-tracker-team/security-tracker][master] Reserve DLA-3371-1 for unbound

Markus Koschany (@apo) apo at debian.org
Wed Mar 29 13:46:55 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08d0cf16 by Markus Koschany at 2023-03-29T14:46:34+02:00
Reserve DLA-3371-1 for unbound

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45401,7 +45401,6 @@ CVE-2022-3205 (Cross site scripting in automation controller UI in Red Hat Ansib
 CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
 	- unbound 1.16.3-1
 	[bullseye] - unbound <no-dsa> (Minor issue)
-	[buster] - unbound <no-dsa> (Minor issue)
 	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
 	NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 (release-1.16.3)
 CVE-2022-3203 (On ORing net IAP-420(+) with FW version 2.0m a telnet server is enable ...)
@@ -72626,13 +72625,11 @@ CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro
 CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable  ...)
 	- unbound 1.16.2-1 (bug #1016493)
 	[bullseye] - unbound <no-dsa> (Minor issue)
-	[buster] - unbound <no-dsa> (Minor issue)
 	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
 	NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
 CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable t ...)
 	- unbound 1.16.2-1 (bug #1016493)
 	[bullseye] - unbound <no-dsa> (Minor issue)
-	[buster] - unbound <no-dsa> (Minor issue)
 	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
 	NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
 CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...)
@@ -177587,7 +177584,6 @@ CVE-2020-28935 (NLnet Labs Unbound, up to and including version 1.12.0, and NLne
 	[buster] - nsd <no-dsa> (Minor issue)
 	[stretch] - nsd <no-dsa> (Minor issue)
 	- unbound 1.13.0-1 (bug #977165)
-	[buster] - unbound <no-dsa> (Minor issue)
 	[stretch] - unbound <end-of-life> (DSA 4694-1)
 	NOTE: https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt
 	NOTE: https://github.com/NLnetLabs/nsd/commit/a4caec3137a1bc9eca05d38d66e2bce572ca9bd3 (NSD_4_3_4_RC1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Mar 2023] DLA-3371-1 unbound - security update
+	{CVE-2020-28935 CVE-2022-3204 CVE-2022-30698 CVE-2022-30699}
+	[buster] - unbound 1.9.0-2+deb10u3
 [28 Mar 2023] DLA-3370-1 xrdp - security update
 	{CVE-2022-23468 CVE-2022-23478 CVE-2022-23479 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493}
 	[buster] - xrdp 0.9.9-1+deb10u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08d0cf1687b31ab3b4b124a9021b7b9a787c9b2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08d0cf1687b31ab3b4b124a9021b7b9a787c9b2c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230329/01acda57/attachment.htm>


More information about the debian-security-tracker-commits mailing list