[Git][security-tracker-team/security-tracker][master] Reserve DLA-3797-1 for frr
Tobias Frost (@tobi)
tobi at debian.org
Sun Apr 28 07:09:48 BST 2024
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60da1161 by Tobias Frost at 2024-04-28T08:09:24+02:00
Reserve DLA-3797-1 for frr
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -129198,7 +129198,6 @@ CVE-2022-37036
CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
- frr 8.4.1-1 (bug #1016978)
[bullseye] - frr <no-dsa> (Minor issue)
- [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/11698
NOTE: https://github.com/FRRouting/frr/pull/11926
NOTE: https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee
@@ -160582,31 +160581,26 @@ CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The
CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
- frr 8.4.1-1 (bug #1008010)
[bullseye] - frr <no-dsa> (Minor issue)
- [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/10503
NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26128)
CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
- frr 8.4.1-1 (bug #1008010)
[bullseye] - frr <no-dsa> (Minor issue)
- [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/10502
NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26129)
CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
- frr 8.4.1-1 (bug #1008010)
[bullseye] - frr <no-dsa> (Minor issue)
- [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/10487
NOTE: Fixed by https://github.com/FRRouting/frr/pull/10494
CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
- frr 8.4.1-1 (bug #1008010)
[bullseye] - frr <no-dsa> (Minor issue)
- [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/10505
NOTE: Fixed by https://github.com/FRRouting/frr/pull/10566
CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
- frr 8.4.1-1 (bug #1008010)
[bullseye] - frr <no-dsa> (Minor issue)
- [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/10507
NOTE: Fix (8.2): https://github.com/FRRouting/frr/pull/10542
NOTE: Fix (8.3): https://github.com/FRRouting/frr/pull/10517
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Apr 2024] DLA-3797-1 frr - security update
+ {CVE-2022-26125 CVE-2022-26126 CVE-2022-26127 CVE-2022-26128 CVE-2022-26129 CVE-2022-37035 CVE-2023-38406 CVE-2023-38407 CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235 CVE-2024-31948 CVE-2024-31949}
+ [buster] - frr 7.5.1-1.1+deb10u2
[27 Apr 2024] DLA-3796-1 mediawiki - security update
{CVE-2023-51704}
[buster] - mediawiki 1:1.31.16-1+deb10u8
=====================================
data/dla-needed.txt
=====================================
@@ -98,11 +98,6 @@ freeimage
NOTE: 20240412: ELTS also have a need to update this package.
NOTE: 20240412: We should open upstream bug reports and push fixes. See above email discussion. (ola)
--
-frr (tobi)
- NOTE: 20231119: Added by Front-Desk (apo)
- NOTE: 20240206: Continuing fixing the remaining issues (abhijith)
- NOTE: 20240301: continue work (abhijith)
---
glibc (Adrian Bunk)
NOTE: 20240419: Added by coordinator (santiago)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60da116140b9f4d3feddb3db505704a7f53b544a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60da116140b9f4d3feddb3db505704a7f53b544a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240428/6ac88772/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list