[Git][security-tracker-team/security-tracker][master] Reserve DLA-3983-1 for clamav

Lucas Kanashiro (@kanashiro) kanashiro at debian.org
Wed Dec 4 23:41:42 GMT 2024 


Lucas Kanashiro pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b97fd700 by Lucas Kanashiro at 2024-12-04T20:41:31-03:00
Reserve DLA-3983-1 for clamav

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23868,12 +23868,10 @@ CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) ...)
 	- clamav 1.4.1+dfsg-1 (bug #1080962)
 	[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
-	[bullseye] - clamav <postponed> (Minor issue)
 	NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) v ...)
 	- clamav 1.4.1+dfsg-1 (bug #1080962)
 	[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
-	[bullseye] - clamav <postponed> (Minor issue)
 	NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-8418 (A flaw was found in Aardvark-dns, which is vulnerable to a Denial of S ...)
 	- aardvark-dns 1.12.2-1 (bug #1080964)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Dec 2024] DLA-3983-1 clamav - security update
+	{CVE-2024-20505 CVE-2024-20506}
+	[bullseye] - clamav 1.0.7+dfsg-1~deb11u1
 [03 Dec 2024] DLA-3982-1 webkit2gtk - security update
 	{CVE-2024-44308 CVE-2024-44309}
 	[bullseye] - webkit2gtk 2.46.4-1~deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -58,10 +58,6 @@ ckeditor3
   NOTE: 20241002: rouca to check EOL'd ckeditor3 -> ckeditor[v4] upgrade path
   NOTE: 20241002: https://lists.debian.org/debian-lts/2024/10/msg00003.html
 --
-clamav
-  NOTE: 20241121: Added by Front-Desk (Beuc)
-  NOTE: 20241121: Bump to 0.103.12 to follow fixes from bookworm 12.8 (2 CVEs) (Beuc/front-desk)
---
 edk2
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97fd700e4104340a17c5cc7e9de0ad987d8a996

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97fd700e4104340a17c5cc7e9de0ad987d8a996
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241204/904fb39e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list