[Git][security-tracker-team/security-tracker][master] Reserve DLA-3573-1 for frr

Markus Koschany (@apo) apo at debian.org
Tue Sep 19 20:34:06 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf312d1a by Markus Koschany at 2023-09-19T21:33:52+02:00
Reserve DLA-3573-1 for frr

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16245,7 +16245,6 @@ CVE-2023-31799 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.1
 CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
 	{DSA-5495-1}
 	- frr 8.4.4-1 (bug #1036062)
-	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13099
 	NOTE: https://github.com/FRRouting/frr/pull/12454
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/06431bfa7570f169637ebb5898f0b0cc3b010802
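
Review bot: after the `[buster] - frr <no-dsa> (Minor issue)` line is removed, the CVE-2023-31490 entry carries `{DSA-5495-1}` but no `{DLA-3573-1}` reference and no buster line at all. If that cross-reference is not generated from data/DLA/list by the tracker tooling, add it here so buster is not left without a recorded status. The same applies to the identical removals in the following hunks.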
@@ -62200,7 +62199,6 @@ CVE-2022-43682
 CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...)
 	- frr 8.4.1-1 (bug #1035829)
 	[bullseye] - frr 7.5.1-1.1+deb11u2
-	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13427
 	NOTE: https://github.com/FRRouting/frr/issues/13480
 	NOTE: https://github.com/FRRouting/frr/commit/6c4ca9812976596bf8b5226600269fc4031f1422 (frr-8.4)
@@ -71539,7 +71537,6 @@ CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct
 CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
 	- frr 8.4.1-1 (bug #1035829)
 	[bullseye] - frr 7.5.1-1.1+deb11u2
-	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13427
 	NOTE: https://github.com/FRRouting/frr/issues/13480
 	NOTE: https://github.com/FRRouting/frr/commit/1117baca3c592877a4d8a13ed6a1d9bd83977487 (base_8.4)
@@ -71607,7 +71604,6 @@ CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a
 CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
 	- frr 8.4.1-1 (bug #1035829)
 	[bullseye] - frr 7.5.1-1.1+deb11u2
-	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13427
 	NOTE: https://github.com/FRRouting/frr/issues/13480
 	NOTE: https://github.com/FRRouting/frr/commit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4)
@@ -82054,7 +82050,6 @@ CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19.
 CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...)
 	- frr 8.4.1-1
 	[bullseye] - frr 7.5.1-1.1+deb11u2
-	[buster] - frr <ignored> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13202
 	NOTE: https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4)
 	NOTE: https://github.com/spwpun/pocs/blob/main/frr-bgpd.md
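
Review bot: the second NOTE context line under CVE-2022-36440 has a malformed URL: `FRRouting/frrcommit/` is missing the `/` between `frr` and `commit`, so it does not point into the frr repository the way the `frr/commit/` links in the other entries do. Since this entry is being touched anyway, correct the link in the same change. Note also that the line removed here is `<ignored>`, not `<no-dsa>` as in the other four hunks, so an earlier ignore decision is being reversed, which the commit message could state.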


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Sep 2023] DLA-3573-1 frr - security update
+	{CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681 CVE-2023-31490 CVE-2023-38802 CVE-2023-41358 CVE-2023-41360 CVE-2023-41361 CVE-2023-41909}
+	[buster] - frr 7.5.1-1.1+deb10u1
 [19 Sep 2023] DLA-3572-1 libyang - security update
 	{CVE-2019-20391 CVE-2019-20392 CVE-2019-20393 CVE-2019-20394 CVE-2019-20395 CVE-2019-20396 CVE-2019-20397 CVE-2019-20398}
 	[buster] - libyang 0.16.105+really1.0-0+deb10u1
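
Review bot: the CVE set on the new DLA-3573-1 entry lists ten ids, but the data/CVE/list part of this commit only drops the `[buster]` annotation for five of them (CVE-2022-36440, CVE-2022-40302, CVE-2022-40318, CVE-2022-43681, CVE-2023-31490). Please confirm that CVE-2023-38802, CVE-2023-41358, CVE-2023-41360, CVE-2023-41361 and CVE-2023-41909 have no leftover `[buster] - frr <no-dsa>` or `<ignored>` line that would contradict the `7.5.1-1.1+deb10u1` fixed version recorded here.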


=====================================
data/dla-needed.txt
=====================================
@@ -81,9 +81,6 @@ freeimage (gladk)
   NOTE: 20230826: about this. Anyway, too many CVEs piled up. I feel we should roll
   NOTE: 20230826: out the DLA/ELA now. (utkarsh)  
 --
-frr (Markus Koschany)
-  NOTE: 20230901: Added by Front-Desk (gladk)
---
 gerbv (Adrian Bunk)
   NOTE: 20230903: Added by Front-Desk (gladk)
   NOTE: 20230918: DLA coming soon. (bunk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf312d1abfc605549ed9078adaa8a330ec4f5e6d
