[Git][security-tracker-team/security-tracker][master] 2 commits: dla: more sponsored packages to sync with bookworm pu
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Wed Aug 14 13:25:23 BST 2024
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
603d1993 by Sylvain Beucler at 2024-08-14T14:12:45+02:00
dla: more sponsored packages to sync with bookworm pu
- - - - -
810df5ea by Sylvain Beucler at 2024-08-14T14:24:46+02:00
dla: sync dsa-needed.txt
- - - - -
1 changed file:
- data/dla-needed.prospective
Changes:
=====================================
data/dla-needed.prospective
=====================================
@@ -37,6 +37,10 @@ amanda
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Follow fixes from buster DLA-3681-1 (3 CVEs) and bookworm 12.4 (CVE-2023-30577) (Beuc/front-desk)
--
+asterisk
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: CVE-2024-42365 is privilege escalation. (Beuc/front-desk)
+--
bind9
NOTE: 20240729: Added by oldstable Security Team (carnil)
NOTE: 20240729: Followup improvement for bullseye, though candidate as well for pu (carnil)
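Review bot: the new asterisk entry names CVE-2024-42365 and its impact but, unlike the amanda entry just above it ("Follow fixes from buster DLA-3681-1 ... and bookworm 12.4"), does not say where a fix can be taken from. If a bookworm upload or upstream commit already carries the fix, adding that reference to the second NOTE would save whoever claims the package a lookup.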
@@ -87,7 +91,7 @@ exim4
--
ffmpeg
NOTE: 20240815: Added by Front-Desk (Beuc)
- NOTE: 20240815: Upgrade to 4.3.8 (Beuc/front-desk)
+ NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
--
frr (Tobias Frost)
NOTE: 20231107: Added by oldstable Security Team (jmm)
@@ -113,8 +117,16 @@ glance (Thomas Goirand)
--
glewlwyd
NOTE: 20240815: Added by Front-Desk (Beuc)
- NOTE: 20240815: Follow fixes from bookworm 12.6 (2 CVEs)
- NOTE: 20240815: Consider fixing postponed CVEs (Beuc/front-desk)
+ NOTE: 20240815: A couple minor issues could be sync'd from bookworm, and a few postponed, but this can wait.
+ NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884
+ NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
+glibc
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: A couple minor issues could be sync'd from bookworm but this can wait.
+ NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076832
+ NOTE: 20240815: pu syncs with 2.31 upstream branch
+ NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
--
gnutls28
NOTE: 20240815: Added by Front-Desk (Beuc)
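Review bot: the pu bug referenced in the glewlwyd entry (bug=1007884) is numbered far below the other pu bugs cited in this patch (1073529 for pymongo, 1076832 for glibc), so the URL should be checked against the intended bullseye-pu request before this lands. A wrong number here matters because the entry tells readers the work is already scheduled and "can wait".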
@@ -190,6 +202,15 @@ php-horde-turba (Mike Gabriel)
NOTE: 20240815: considered for EOL, sunweaver to work on an update
NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
--
+proftpd-dfsg
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Follow fixes from bookworm 12.5 (2 CVEs) (Beuc/front-desk)
+--
+pymongo (Bastien Roucarès)
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073529 (CVE-2024-5629)
+ NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
python-aiohttp
NOTE: 20240523: Added by oldstable Security Team (jmm)
NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
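Review bot: the proftpd-dfsg entry gives only a count, "(2 CVEs)", whereas the pymongo entry right below it names its CVE (CVE-2024-5629). Listing the two CVE IDs in the proftpd-dfsg NOTE would let the entry be cross-checked against the tracker directly instead of being re-derived from the bookworm 12.5 changes.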
@@ -198,6 +219,10 @@ python-asyncssh
NOTE: 20240105: Added by oldstable Security Team (jmm)
NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
+python-git
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Follow fixes from buster DLA-3589-1, buster DLA-3502-1 and bookworm 12.2 (3 CVEs) (Beuc/front-desk)
+--
python-html-sanitizer
NOTE: 20240815: Added by Front-Desk (Beuc)
--
@@ -212,6 +237,10 @@ qemu
NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2024-3446,CVE-2024-3447)
NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
--
+redis
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Follow fixes from buster DLA-3361-1, DLA-3396-1 and bookworm DLA-3361-1 (3 CVEs) (Beuc/front-desk)
+--
ring
NOTE: 20230301: Added by oldstable Security Team (jmm)
NOTE: 20230301: might make sense to rebase to current version (jmm)
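Review bot: the redis NOTE cites "bookworm DLA-3361-1", which repeats the buster DLA already named earlier on the same line; every other entry in this patch refers to bookworm by point release (e.g. "bookworm 12.5") or by DSA. This looks like a copy-paste slip: replace it with the bookworm reference that actually carries the fixes, and confirm "(3 CVEs)" still matches once the reference is corrected.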
@@ -248,6 +277,9 @@ setuptools
NOTE: 20240730: Added by oldstable Security Team (jmm)
NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
+smarty3
+ NOTE: 20240814: Added by oldstable Security Team (jmm)
+--
squid
NOTE: 20240308: Added by oldstable Security Team (apo)
NOTE: 20240308: Readd squid to dsa-needed.txt
@@ -259,6 +291,10 @@ systemd
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Follow fixes from bookworm 12.5 and 12.6 (3 CVEs) (Beuc/front-desk)
--
+texlive-bin
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2023-32668) (Beuc/front-desk)
+--
tinyproxy
NOTE: 20240609: Added by oldstable Security Team (jmm)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00159079d4fd3770173c84fb71a003e51a843e36...810df5ea805be3242383a27466c9ae41c06fbf63