[Git][security-tracker-team/security-tracker][master] Add notes for golang-yaml.v2 and python-oslo.privsep.

[Scarlett Gately Moore (@sgmoore)]

Scarlett Gately Moore pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be768f13 by Scarlett Moore at 2023-05-25T08:14:28-07:00
Add notes for golang-yaml.v2 and python-oslo.privsep.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -55,6 +55,7 @@ golang-yaml.v2 (sgmoore)
   NOTE: 20230125: Programming language: Go.
   NOTE: 20230125: VCS: https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't).
+  NOTE: 20230525: In review with utkarsh.
 --
 hdf5
   NOTE: 20230318: Programming language: C.
@@ -143,6 +144,8 @@ php-cas
 python-oslo.privsep
   NOTE: 20221231: Programming language: Python.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
+  NOTE: 20230525: CVE-2022-38065 has been marked as Won't-fix/Hardening opportunity.
+  NOTE: 20230525: It was mentioned the fix was easy but tedious. It is consumer design flaw issue.
 --
 python3.7
   NOTE: 20230220: Programming language: Python.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be768f13700c4e433387c4e84eb0283a6cb3fb5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be768f13700c4e433387c4e84eb0283a6cb3fb5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230525/6f62efac/attachment.htm>