[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DSA-5511-1 mosquitto

Markus Koschany (@apo) apo at debian.org
Sun Oct 1 20:16:42 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e92462c4 by Markus Koschany at 2023-10-01T21:14:32+02:00
Reserve DSA-5511-1 mosquitto

- - - - -
93bfc428 by Markus Koschany at 2023-10-01T21:15:32+02:00
CVE-2021-41039,mosquitto: Mark Bullseye as fixed in version 2.0.11-1+deb11u1

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -145932,7 +145932,7 @@ CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, t
 	NOT-FOR-US: Eclipse Wakaama
 CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...)
 	- mosquitto 2.0.11-1.2 (bug #1001028)
-	[bullseye] - mosquitto <no-dsa> (Minor issue)
+	[bullseye] - mosquitto 2.0.11-1+deb11u1
 	[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
 	[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
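Review bot: On the new `[bullseye]` line for CVE-2021-41039, the fixed version 2.0.11-1+deb11u1 is the same bullseye version that DSA-5511-1 records in data/DSA/list, yet CVE-2021-41039 is not in that DSA's CVE set. If the upload fixes it, consider adding the CVE to the DSA entry so the advisory cross-reference is recorded; if leaving it out is intentional, a NOTE line here saying the fix shipped with the DSA-5511-1 upload would make that clear.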
@@ -162484,8 +162484,6 @@ CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension al
 	NOT-FOR-US: Eclipse Theia
 CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
 	- mosquitto 2.0.15-1 (bug #993400)
-	[bookworm] - mosquitto <no-dsa> (Minor issue)
-	[bullseye] - mosquitto <no-dsa> (Minor issue)
 	[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
 	[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
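Review bot: With both `<no-dsa>` lines dropped, CVE-2021-34434 has no bookworm or bullseye line left in this hunk, and the only fixed version still shown is the unstable 2.0.15-1. The stable status now depends entirely on the DSA-5511-1 entry in data/DSA/list, which does list this CVE with 2.0.11-1+deb11u1 and 2.0.11-1.2+deb12u1. Worth confirming that both releases show as fixed once that entry is processed, since the CVE-2021-41039 hunk writes its bullseye version explicitly instead.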


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[01 Oct 2023] DSA-5511-1 mosquitto - security update
+	{CVE-2021-34434 CVE-2023-0809 CVE-2023-3592 CVE-2023-28366}
+	[bullseye] - mosquitto 2.0.11-1+deb11u1
+	[bookworm] - mosquitto 2.0.11-1.2+deb12u1
 [29 Sep 2023] DSA-5510-1 libvpx - security update
 	{CVE-2023-5217}
 	[bullseye] - libvpx 1.9.0-1+deb11u1
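Review bot: The CVE set on the `{...}` line names three 2023 CVEs (CVE-2023-0809, CVE-2023-3592, CVE-2023-28366), but the data/CVE/list hunks in this push touch only CVE-2021-41039 and CVE-2021-34434. Check that the entries for those three carry no leftover per-release annotations that would conflict with the bullseye and bookworm versions recorded here.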


=====================================
data/dsa-needed.txt
=====================================
@@ -34,8 +34,6 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y and 6.1.y versions
 --
-mosquitto (apo)
---
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
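Review bot: The context line "try to regulary rebase" in the linux entry has a typo ("regulary" for "regularly"). It is outside this change, so a separate follow-up commit is the right place to fix it.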



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bb645b353882fde01e99d5488fb9ebcae1002eda...93bfc42850c9f06c82dc245db2e046ab3b68def0
