[Git][security-tracker-team/security-tracker][master] 5 commits: data/dla-needed.txt: Triage memcached for buster LTS (CVE-2022-48571)

Chris Lamb (@lamby) lamby at debian.org
Wed Sep 6 19:54:27 BST 2023



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60553ba4 by Chris Lamb at 2023-09-06T11:28:55-07:00
data/dla-needed.txt: Triage memcached for buster LTS (CVE-2022-48571)

- - - - -
36360fae by Chris Lamb at 2023-09-06T11:29:33-07:00
data/dla-needed.txt: Claim memcached.

- - - - -
f156e636 by Chris Lamb at 2023-09-06T11:49:56-07:00
Triage CVE-2023-39615 in libxml2 for buster LTS.

- - - - -
0075013d by Chris Lamb at 2023-09-06T11:50:19-07:00
Triage CVE-2023-28736 in mdadm for buster LTS.

- - - - -
1d4c8f9d by Chris Lamb at 2023-09-06T11:53:50-07:00
data/dla-needed.txt: Triage libraw for buster LTS (CVE-2020-22628)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1275,6 +1275,7 @@ CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffe
 	- libxml2 <unfixed> (bug #1051230)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
 	[bullseye] - libxml2 <no-dsa> (Minor issue)
+	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9
 	NOTE: Followup: https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129
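Review bot: The added `[buster] - libxml2 <no-dsa> (Minor issue)` line reuses the bookworm and bullseye reasoning, but the CVE description in the hunk header names Libxml2 v2.11.0 and nothing in the entry records whether the affected code is present in the buster version. If it is not, `<not-affected>` with a short reason would be more accurate than `<no-dsa>`. If it is, a NOTE saying the code path was checked for buster would save the next triager from repeating that work.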
@@ -21429,6 +21430,7 @@ CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools sof
 CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...)
 	- mdadm 4.2-1
 	[bullseye] - mdadm <no-dsa> (Minor issue)
+	[buster] - mdadm <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=ced5fa8b170ad448f4076e24a10c731b5cfb36ce (mdadm-4.2)
 CVE-2023-28717
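Review bot: "Minor issue" on the new `[buster] - mdadm <no-dsa>` line gives no rationale for a CVE whose description reads "Buffer overflow", even though the entry already points at a single upstream fix commit (mdadm-4.2). Consider a more specific reason in the parentheses or an extra NOTE explaining why the impact is low on buster, or `<postponed>` if the intent is to pick the fix up with a later buster upload.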


=====================================
data/dla-needed.txt
=====================================
@@ -100,6 +100,9 @@ imagemagick
   NOTE: 20230622: Added by Front-Desk (Beuc)
   NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs (Beuc/front-desk)
 --
+libraw
+  NOTE: 20230906: Added by Front-Desk (lamby)
+--
 libreswan (Markus Koschany)
   NOTE: 20230817: Added by Front-Desk (ta)
 --
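Review bot: The new `libraw` entry records who added it but not why. The commit subject names CVE-2020-22628, yet that does not survive in data/dla-needed.txt itself. A second NOTE line naming the CVE, in the same free-text style the imagemagick and nova entries use, would let whoever claims the package see the scope without going back to the commit log.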
@@ -109,6 +112,10 @@ libssh2 (guilhem)
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
+memcached (Chris Lamb)
+  NOTE: 20230906: Added by Front-Desk (lamby)
+  NOTE: 20230906: lamby is maintainer (lamby)
+--
 nova
   NOTE: 20230302: Re-add, request by maintainer (Beuc)
   NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/447f0bef693fcc343348b4e203130c1c6c94ac1b...1d4c8f9d5648006924441893b76a8663772dc2a5
