[Git][security-tracker-team/security-tracker][master] LTS: add gunicorn, jinja2, libpgjava, python-urllib3, renderdoc, and sqlparse

Sat Dec 7 15:22:01 GMT 2024


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
979f8dda by Roberto C. Sánchez at 2024-12-07T10:05:09-05:00
LTS: add gunicorn, jinja2, libpgjava, python-urllib3, renderdoc, and sqlparse

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -108,6 +108,11 @@ gsl
   NOTE: 20241206: CVE-2020-35357 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
   NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/167
 --
+gunicorn
+  NOTE: 20241206: Added by coordinator (roberto)
+  NOTE: 20241206: CVE-2024-1135 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
+  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/173
+--
 haproxy (Thorsten Alteholz)
   NOTE: 20241201: Added by Front-Desk (ta)
 --
@@ -120,9 +125,19 @@ intel-microcode (tobi)
 jetty9 (Markus Koschany)
   NOTE: 20241110: Added by Front-Desk (apo)
 --
+jinja2
+  NOTE: 20241206: Added by coordinator (roberto)
+  NOTE: 20241206: CVE-2024-22195 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
+  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/170
+--
 knot-resolver
   NOTE: 20240924: Added by Front-Desk (lamby)
 --
+libpgjava
+  NOTE: 20241206: Added by coordinator (roberto)
+  NOTE: 20241206: CVE-2022-31197, CVE-2022-41946, and CVE-2024-1597 were fixed in buster, are still open (no-dsa) in bullseye (all 3) and bookworm (only CVE-2024-1597)
+  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/168
+--
 libsoup2.4 (Adrian Bunk)
   NOTE: 20241121: Added by Front-Desk (Beuc)
   NOTE: 20241121: Fix in unstable first, following libsoup3.
@@ -166,6 +181,11 @@ python-aiohttp
 python-tornado (dleidert)
   NOTE: 20241130: Added by Front-Desk (ta)
 --
+python-urllib3
+  NOTE: 20241206: Added by coordinator (roberto)
+  NOTE: 20241206: CVE-2023-43804 and CVE-2023-45803 were fixed in buster, are still open (no-dsa) in bullseye and bookworm
+  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/174
+--
 python-werkzeug (Sean Whitton)
   NOTE: 20241110: Added by Front-Desk (apo)
 --
@@ -177,6 +197,11 @@ qemu (santiago)
   NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
   NOTE: 20241119: Bookworm PU in progress https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086572
 --
+renderdoc
+  NOTE: 20241206: Added by coordinator (roberto)
+  NOTE: 20241206: CVE-2023-33863, CVE-2023-33864, and CVE-2023-33865 were fixed in buster, are still open (no-dsa) in bullseye and bookworm
+  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/171
+--
 ruby-doorkeeper
   NOTE: 20241206: Added by coordinator (roberto)
   NOTE: 20241206: CVE-2023-34246 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
@@ -200,6 +225,11 @@ spip
   NOTE: 20240922: Knowing French may be useful. Determined fixing commit by
   NOTE: 20240922: diffing the releases on the 4.1.x branch. 3.x is already EOL. (apo)
 --
+sqlparse
+  NOTE: 20241206: Added by coordinator (roberto)
+  NOTE: 20241206: CVE-2023-30608 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
+  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/175
+--
 squid
   NOTE: 20240308: Added by oldstable Security Team (apo)
   NOTE: 20240308: Readd squid to dsa-needed.txt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/979f8dda8110c4e1283114cb737d47d3264835e9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/979f8dda8110c4e1283114cb737d47d3264835e9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241207/65f00127/attachment-0001.htm>
