[Git][security-tracker-team/security-tracker][master] Reserve DLA-3990-1 for avahi
Adrian Bunk (@bunk)
bunk at debian.org
Mon Dec 9 12:07:57 GMT 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cc56dc1 by Adrian Bunk at 2024-12-09T14:07:43+02:00
Reserve DLA-3990-1 for avahi
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -109257,7 +109257,6 @@ CVE-2023-3430 (A vulnerability was found in OpenImageIO, where a heap buffer ove
CVE-2023-38473 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi 0.8-14 (bug #1054880)
[bookworm] - avahi <no-dsa> (Minor issue)
- [bullseye] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/avahi/avahi/issues/451
NOTE: https://github.com/avahi/avahi/pull/486
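Review bot: the unchanged `[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)` context line looks stale, since the same entry records a fix in `avahi 0.8-14` and links the upstream pull request. While this entry is being touched, consider re-evaluating the buster status or updating its reason; the same line appears in the CVE-2023-38472, CVE-2023-38471 and CVE-2023-38470 entries.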
@@ -109266,7 +109265,6 @@ CVE-2023-38473 (A vulnerability was found in Avahi. A reachable assertion exists
CVE-2023-38472 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi 0.8-14 (bug #1054879)
[bookworm] - avahi <no-dsa> (Minor issue)
- [bullseye] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/avahi/avahi/issues/452
NOTE: https://github.com/avahi/avahi/pull/490
@@ -109275,7 +109273,6 @@ CVE-2023-38472 (A vulnerability was found in Avahi. A reachable assertion exists
CVE-2023-38471 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi 0.8-14 (bug #1054878)
[bookworm] - avahi <no-dsa> (Minor issue)
- [bullseye] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/avahi/avahi/issues/453
NOTE: https://github.com/avahi/avahi/pull/494
@@ -109284,7 +109281,6 @@ CVE-2023-38471 (A vulnerability was found in Avahi. A reachable assertion exists
CVE-2023-38470 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi 0.8-14 (bug #1054877)
[bookworm] - avahi <no-dsa> (Minor issue)
- [bullseye] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
NOTE: https://github.com/avahi/avahi/issues/454
NOTE: https://github.com/avahi/avahi/pull/457
@@ -109293,7 +109289,6 @@ CVE-2023-38470 (A vulnerability was found in Avahi. A reachable assertion exists
CVE-2023-38469 (A vulnerability was found in Avahi, where a reachable assertion exists ...)
- avahi 0.8-14 (bug #1054876)
[bookworm] - avahi <no-dsa> (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
- [bullseye] - avahi <no-dsa> (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
[buster] - avahi <postponed> (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
NOTE: https://github.com/avahi/avahi/issues/455
NOTE: https://github.com/avahi/avahi/pull/500
@@ -131723,7 +131718,6 @@ CVE-2023-1982 (The Front Editor WordPress plugin through 4.0.4 does not sanitize
CVE-2023-1981 (A vulnerability was found in the avahi library. This flaw allows an un ...)
{DLA-3414-1}
- avahi 0.8-10 (bug #1034594)
- [bullseye] - avahi <no-dsa> (Minor issue)
NOTE: https://github.com/avahi/avahi/issues/375
NOTE: https://github.com/avahi/avahi/pull/407
NOTE: https://github.com/avahi/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
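Review bot: the `{DLA-3414-1}` cross-reference under CVE-2023-1981 is left as the only advisory tag, although data/DLA/list in this commit lists CVE-2023-1981 under DLA-3990-1. If that tag is not regenerated from data/DLA/list by a later step, add DLA-3990-1 here, and likewise to the CVE-2023-38469 through CVE-2023-38473 entries, which get no advisory tag in this commit either.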
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Dec 2024] DLA-3990-1 avahi - security update
+ {CVE-2023-1981 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473}
+ [bullseye] - avahi 0.8-5+deb11u3
[09 Dec 2024] DLA-3989-1 ruby-doorkeeper - security update
{CVE-2023-34246}
[bullseye] - ruby-doorkeeper 5.3.0-2+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -34,12 +34,6 @@ ansible
NOTE: 20241120: Waiting for release by Lee testsuite is ok
NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more upstream backport work needed
--
-avahi (Adrian Bunk)
- NOTE: 20241119: Added by Front-Desk (Beuc)
- NOTE: 20241119: Multiple CVEs now fixed upstream: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054880#12
- NOTE: 20241119: Consider coordinating with maintainers to fix in sid, and then in all releases.
- NOTE: 20241119: Also CVE-2023-1981 fixed in both bookworm and buster/stretch/jessie (Beuc/front-desk)
---
busybox (Adrian Bunk)
NOTE: 20241204: Added by Front-Desk (santiago)
NOTE: 20241204: Added to address the CVEs from 2021, after a request from a sponsor
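Review bot: removing the avahi entry also drops the note "Consider coordinating with maintainers to fix in sid, and then in all releases", while data/CVE/list in this commit still carries `[bookworm] - avahi <no-dsa>` for CVE-2023-38469 through CVE-2023-38473. With bullseye fixed in 0.8-5+deb11u3, the newer release would be tracked as unfixed where the older one is fixed, so it is worth recording (in the commit message or a NOTE in data/CVE/list) whether a bookworm update is planned.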
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cc56dc18b8dd4a72c4e9cb8e9fb9e003fe12877