[Git][security-tracker-team/security-tracker][master] Reserve DLA-3435-1 for rainloop

Guilhem Moulin (@guilhem) guilhem at debian.org
Sat May 27 23:37:31 BST 2023 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dac54e4f by Guilhem Moulin at 2023-05-28T00:37:13+02:00
Reserve DLA-3435-1 for rainloop

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -282851,7 +282851,6 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
 CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
 	- rainloop 1.14.0-1
-	[buster] - rainloop <no-dsa> (Minor issue)
 	NOTE: https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
 CVE-2019-13388
 	RESERVED


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 May 2023] DLA-3435-1 rainloop - security update
+	{CVE-2019-13389 CVE-2022-29360}
+	[buster] - rainloop 1.12.1-2+deb10u1
 [27 May 2023] DLA-3434-1 sysstat - security update
 	{CVE-2023-33204}
 	[buster] - sysstat 12.0.3-2+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -179,15 +179,6 @@ rails
   NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the possible path forward. (utkarsh)
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rails.git
 --
-rainloop (guilhem)
-  NOTE: 20220913: Programming language: PHP, JavaScript.
-  NOTE: 20220913: Special attention: orphaned as of 2022-09.
-  NOTE: 20220913: Upstream appeared dead but there was activity 2 weeks ago,
-  NOTE: 20220913: a "SnappyMail" fork exists and may have patches we can use,
-  NOTE: 20220913: also there's an unofficial one for CVE-2022-29360;
-  NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk)
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rainloop.git
---
 ring (Thorsten Alteholz)
   NOTE: 20221120: Programming language: C++.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac54e4f76fec3f80e41e67fd4fbff45dda2b432

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac54e4f76fec3f80e41e67fd4fbff45dda2b432
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230527/68551f70/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list