[Git][security-tracker-team/security-tracker][master] Detangle non-common set of CVE fixes for bullseye and bookworm for DSA-5495-1
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 11 20:46:06 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f4a5bb5 by Salvatore Bonaccorso at 2023-09-11T21:45:44+02:00
Detangle non-common set of CVE fixes for bullseye and bookworm for DSA-5495-1
CVE-2022-36440, CVE-2022-40302, CVE-2022-40318, CVE-2022-43681 only
needed a fix in bullseye and were already fixed in bookworm. To keep the
denotation of the first version hitting the archive with the fix in the
respective suite apply our workaround and detangle the common set by
removing the listing in the DSA list and explicitly track the suite fix
in CVE list.
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61031,8 +61031,8 @@ CVE-2022-43683
CVE-2022-43682
RESERVED
CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...)
- {DSA-5495-1}
- frr 8.4.1-1 (bug #1035829)
+ [bullseye] - frr 7.5.1-1.1+deb11u2
[buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
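Review bot: With `{DSA-5495-1}` dropped from the CVE-2022-43681 entry, nothing in the entry itself says that the new `[bullseye] - frr 7.5.1-1.1+deb11u2` line comes from that advisory; the reason exists only in the commit message. Consider adding a NOTE line to the entry stating that the bullseye fix was shipped with DSA-5495-1, so the link survives for someone reading data/CVE/list without the history.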
@@ -70371,8 +70371,8 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based
CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...)
NOT-FOR-US: LISTSERV
CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
- {DSA-5495-1}
- frr 8.4.1-1 (bug #1035829)
+ [bullseye] - frr 7.5.1-1.1+deb11u2
[buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
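Review bot: The CVE-2022-40318 entry gains an explicit `[bullseye]` line but nothing for bookworm, so the "already fixed in bookworm" statement in the commit message rests entirely on the unchanged `- frr 8.4.1-1 (bug #1035829)` line. That holds only if bookworm never carried an frr version older than 8.4.1-1; worth confirming before relying on the implicit status.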
@@ -70439,8 +70439,8 @@ CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
- {DSA-5495-1}
- frr 8.4.1-1 (bug #1035829)
+ [bullseye] - frr 7.5.1-1.1+deb11u2
[buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
@@ -80886,8 +80886,8 @@ CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19.
CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...)
NOT-FOR-US: Zebra Enterprise Home Screen
CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...)
- {DSA-5495-1}
- frr 8.4.1-1
+ [bullseye] - frr 7.5.1-1.1+deb11u2
[buster] - frr <ignored> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13202
NOTE: https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4)
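Review bot: The trailing NOTE in the CVE-2022-36440 entry reads `https://github.com/FRRouting/frrcommit/3e46b43e...`, which looks like a missing `/` between `frr` and `commit`; since this entry is being touched anyway, the URL could be corrected in the same change. This entry also differs from the other three in two ways that may be intentional but deserve a check: `- frr 8.4.1-1` carries no bug reference, and buster is marked `<ignored>` rather than `<no-dsa>`.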
=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
[11 Sep 2023] DSA-5495-1 frr - security update
- {CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681 CVE-2023-31490 CVE-2023-38802 CVE-2023-41358}
+ {CVE-2023-31490 CVE-2023-38802 CVE-2023-41358}
[bullseye] - frr 7.5.1-1.1+deb11u2
[bookworm] - frr 8.4.4-1.1~deb12u1
[10 Sep 2023] DSA-5494-1 mutt - security update
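Review bot: After the four CVE ids are removed from the braces on the DSA-5495-1 entry, the bullseye version `7.5.1-1.1+deb11u2` is maintained by hand in five places: the `[bullseye]` line here and the four `[bullseye]` lines added in data/CVE/list. If the version for this advisory ever has to be corrected, all five must change together. The commit message calls this a workaround; a short pointer in the affected CVE entries to DSA-5495-1 would make the coupling visible to the next editor.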
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f4a5bb5ff55ec3d984d50910867bf72d11e0d3f