[Git][security-tracker-team/security-tracker][master] 3 commits: Claim knot-resolver and wordpress in dla-needed.txt
Markus Koschany (@apo)
apo at debian.org
Sat Apr 6 06:51:16 BST 2024
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c336754 by Markus Koschany at 2024-04-06T07:39:03+02:00
Claim knot-resolver and wordpress in dla-needed.txt
- - - - -
c9dfd707 by Markus Koschany at 2024-04-06T07:39:56+02:00
Claim jetty9 in dsa-needed.txt
- - - - -
aa44a82e by Markus Koschany at 2024-04-06T07:49:26+02:00
CVE-2024-21733,tomcat9: buster is postponed
Minor issue. Tests fail. Needs more investigation but is not critical.
- - - - -
3 changed files:
- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -19167,6 +19167,7 @@ CVE-2023-28743 (Improper input validation for some Intel NUC BIOS firmware befor
CVE-2024-21733 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
- tomcat9 9.0.53-1
[bullseye] - tomcat9 <postponed> (Minor issue, fix along in next update)
+ [buster] - tomcat9 <postponed> (Minor issue, fix along in next update)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2
NOTE: https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a (9.0.44)
CVE-2024-23387 (FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability ...)
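Review bot: the parenthetical on the added [buster] line, "Minor issue, fix along in next update", is copied from the [bullseye] line above it, but the commit message gives a different reason for buster (tests fail, needs more investigation). Consider recording that in the entry, either in the parenthetical or as a NOTE under the CVE, so whoever next picks up tomcat9 in buster knows the tests were failing and that the postponement is not only about bundling with the next update.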
=====================================
data/dla-needed.txt
=====================================
@@ -114,7 +114,7 @@ jenkins-htmlunit-core-js
jetty9 (Markus Koschany)
NOTE: 20240303: Added by Front-Desk (apo)
--
-knot-resolver
+knot-resolver (Markus Koschany)
NOTE: 20231029: Added by Front-Desk (gladk)
NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs has been fixed in bullseye. (ola)
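Review bot: the claim on knot-resolver adds no dated NOTE, while the notes directly below it show the entry was dropped on 20240310 and restored on 20240311 because four CVEs were fixed in bullseye. A short dated NOTE alongside the claim, stating which CVEs are in scope for the update, would keep that history readable.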
@@ -301,7 +301,7 @@ varnish
NOTE: 20240122: Still fixing tests (abhijith)
NOTE: 20240213: Fixing tests.(abhijith)
--
-wordpress
+wordpress (Markus Koschany)
NOTE: 20240314: Added by coordinator (roberto)
NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and
NOTE: 20240314: bookwork. Uploads to spu and ospu should be coordinated. (roberto)
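Review bot: the wordpress notes under the claimed line ask that uploads to spu and ospu be coordinated, and the claim does not say whether that coordination is part of the work being taken on. A dated NOTE stating it would help. While the entry is being touched, "bookwork" in the last NOTE line looks like a typo for "bookworm".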
=====================================
data/dsa-needed.txt
=====================================
@@ -31,7 +31,7 @@ gpac/oldstable
--
h2o (jmm)
--
-jetty9
+jetty9 (apo)
--
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/80daa719eb36088138336e3dde00f0092652b90e...aa44a82e33686e44233c73cf7cdb6f0da3e0bf53