[Git][security-tracker-team/security-tracker][master] reserve DLA-3193-2 for joblib
Helmut Grohne (@helmutg)
helmutg at debian.org
Thu Mar 30 18:08:54 BST 2023
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8127e66 by Helmut Grohne at 2023-03-30T19:08:19+02:00
reserve DLA-3193-2 for joblib
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87199,7 +87199,6 @@ CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site
CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
- joblib 1.2.0-1 (bug #1020820)
[bullseye] - joblib <no-dsa> (Minor issue)
- [buster] - joblib <no-dsa> (Minor issue, the fix from +deb10u1 is incomplete)
NOTE: https://github.com/joblib/joblib/issues/1128
NOTE: https://github.com/joblib/joblib/pull/1321
NOTE: Better fix: https://github.com/joblib/joblib/pull/1327
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Mar 2023] DLA-3193-2 joblib - security update
+ {CVE-2022-21797}
+ [buster] - joblib 0.13.0-2+deb10u2
[29 Mar 2023] DLA-3372-1 xorg-server - security update
{CVE-2023-1393}
[buster] - xorg-server 2:1.20.4-1+deb10u9
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8127e66c70941c072c2b934e9a3343b0be6959d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8127e66c70941c072c2b934e9a3343b0be6959d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230330/d9726efc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list