[Git][security-tracker-team/security-tracker][master] Reserve DLA-3795-1 for knot-resolver
Markus Koschany (@apo)
apo at debian.org
Fri Apr 26 06:35:26 BST 2024
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d58a1355 by Markus Koschany at 2024-04-26T07:35:06+02:00
Reserve DLA-3795-1 for knot-resolver
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -294164,7 +294164,6 @@ CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by callin
NOT-FOR-US: Jinjava
CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...)
- knot-resolver 5.1.1-0.1 (bug #961076)
- [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b
NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118
@@ -325401,7 +325400,6 @@ CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kerne
NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...)
- knot-resolver 5.0.1-1 (bug #946181)
- [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4
CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...)
NOT-FOR-US: Wikibase Wikidata Query Service GUI
@@ -356412,13 +356410,11 @@ CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis hype
NOTE: https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f (5.0.4)
CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot resolver before ...)
- knot-resolver 5.0.1-1 (bug #932048)
- [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839
NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of knot resol ...)
- knot-resolver 5.0.1-1 (bug #932048)
- [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Apr 2024] DLA-3795-1 knot-resolver - security update
+ {CVE-2019-10190 CVE-2019-10191 CVE-2019-19331 CVE-2020-12667}
+ [buster] - knot-resolver 3.2.1-3+deb10u2
[25 Apr 2024] DLA-3794-1 putty - security update
{CVE-2020-14002 CVE-2021-36367 CVE-2023-48795 CVE-2019-17069}
[buster] - putty 0.74-1+deb11u1~deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -124,11 +124,6 @@ jenkins-htmlunit-core-js
NOTE: 20231231: … TransformerFactory without setting the ~secure flag, so it may
NOTE: 20231231: … indeed be vulnerable. (lamby)
--
-knot-resolver
- NOTE: 20231029: Added by Front-Desk (gladk)
- NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
- NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs has been fixed in bullseye. (ola)
---
less (Abhijith PA)
NOTE: 20240418: Added by Front-Desk (apo)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58a13559c87c505e23427b90a9de979336e05e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58a13559c87c505e23427b90a9de979336e05e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240426/de2bcb09/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list