[Git][security-tracker-team/security-tracker][master] Reserve DLA-3634-1 for nss

Sat Oct 28 15:06:50 BST 2023


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23dd068e by Sean Whitton at 2023-10-28T15:06:31+01:00
Reserve DLA-3634-1 for nss

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -222425,7 +222425,6 @@ CVE-2020-25649 (A flaw was found in FasterXML Jackson Databind, where it did not
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
 CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...)
 	- nss 2:3.58-1
-	[buster] - nss <no-dsa> (Minor issue)
 	[stretch] - nss <no-dsa> (Minor issue)
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Oct 2023] DLA-3634-1 nss - security update
+	{CVE-2020-25648 CVE-2023-4421}
+	[buster] - nss 2:3.42.1-1+deb10u7
 [28 Oct 2023] DLA-3633-1 gst-plugins-bad1.0 - security update
 	{CVE-2023-40474 CVE-2023-40475 CVE-2023-40476}
 	[buster] - gst-plugins-bad1.0 1.14.4-1+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -129,11 +129,6 @@ nova
   NOTE: 20230302: zigo currently has no time and requests the LTS team to do it (IRC #debian-lts 2023-03-02). (Beuc/front-desk)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. (lamby)
 --
-nss (Sean Whitton)
-  NOTE: 20231015: Added by Front-Desk (ta)
-  NOTE: 20231027: Patches backported.  New tests for CVE-2020-25648 do not pass.
-  NOTE: 20231027: Asked upstream dev-tech-crypto ML (spwhitton).
---
 nvidia-cuda-toolkit
   NOTE: 20230514: Added by Front-Desk (utkarsh)
   NOTE: 20230514: package listed in packages-to-support; a bunch of CVEs have



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23dd068e50af44a19d3ffc6ae5471bdbe3754904

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23dd068e50af44a19d3ffc6ae5471bdbe3754904
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231028/f018ebc7/attachment-0001.htm>
