[Git][security-tracker-team/security-tracker][master] Reserve DLA-3998-1 for python-urllib3
Guilhem Moulin (@guilhem)
guilhem at debian.org
Sat Dec 21 15:51:18 GMT 2024
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d19e0030 by Guilhem Moulin at 2024-12-21T16:51:00+01:00
Reserve DLA-3998-1 for python-urllib3
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -48150,7 +48150,6 @@ CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. When
[experimental] - python-urllib3 2.2.3-1
- python-urllib3 2.2.3-3 (bug #1074149)
[bookworm] - python-urllib3 <no-dsa> (Minor issue)
- [bullseye] - python-urllib3 <no-dsa> (Minor issue)
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
NOTE: https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e (2.2.2)
CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. A reques ...)
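Review bot: with the `[bullseye] - python-urllib3 <no-dsa> (Minor issue)` line dropped, the CVE-2024-37891 entry has no bullseye-specific line and no `{DLA-...}` cross-reference in this hunk, so its bullseye status depends entirely on the new data/DLA/list entry. Because the unstable fix is recorded as 2.2.3-3, check once the DLA cross-reference is in place that bullseye is reported as fixed in 1.26.5-1~exp1+deb11u1 rather than as vulnerable.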
@@ -110877,7 +110876,6 @@ CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urlli
{DLA-3649-1}
- python-urllib3 1.26.18-1 (bug #1054226)
[bookworm] - python-urllib3 <no-dsa> (Minor issue)
- [bullseye] - python-urllib3 <no-dsa> (Minor issue)
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
NOTE: https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 (1.26.18)
CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
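Review bot: the `{DLA-3649-1}` line above the removed bullseye entry is left as is, so this entry references only the earlier DLA and not DLA-3998-1, which data/DLA/list now associates with CVE-2023-45803. If the brace line is not updated by a separate step, add DLA-3998-1 to it; the same applies to `{DLA-3610-1}` under CVE-2023-43804.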
@@ -113277,7 +113275,6 @@ CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urlli
{DLA-3610-1}
- python-urllib3 1.26.17-1 (bug #1053626)
[bookworm] - python-urllib3 <no-dsa> (Minor issue)
- [bullseye] - python-urllib3 <no-dsa> (Minor issue)
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
NOTE: https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb (1.26.17)
CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 b ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Dec 2024] DLA-3998-1 python-urllib3 - security update
+ {CVE-2023-43804 CVE-2023-45803 CVE-2024-37891}
+ [bullseye] - python-urllib3 1.26.5-1~exp1+deb11u1
[21 Dec 2024] DLA-3997-1 php-laravel-framework - security update
{CVE-2024-52301}
[bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u2
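Review bot: the fixed version `1.26.5-1~exp1+deb11u1` on the added `[bullseye]` line contains `~exp1`, which is unusual for a stable-release upload and easy to mistype. Confirm it matches the version actually uploaded for bullseye, since a mismatch here would leave CVE-2023-43804, CVE-2023-45803 and CVE-2024-37891 recorded against the wrong fixed version.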
=====================================
data/dla-needed.txt
=====================================
@@ -164,11 +164,6 @@ python-django (Chris Lamb)
python-tornado (dleidert)
NOTE: 20241130: Added by Front-Desk (ta)
--
-python-urllib3 (guilhem)
- NOTE: 20241206: Added by coordinator (roberto)
- NOTE: 20241206: CVE-2023-43804 and CVE-2023-45803 were fixed in buster, are still open (no-dsa) in bullseye and bookworm
- NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/174
---
qemu
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Follow fixes from bookworm 12.4 (CVE-2023-5088)
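Review bot: the removed NOTE records CVE-2023-43804 and CVE-2023-45803 as open (no-dsa) in both bullseye and bookworm, and the data/CVE/list hunks keep `[bookworm] - python-urllib3 <no-dsa> (Minor issue)` for all three CVEs. After this DLA bullseye is fixed while bookworm is not, so it is worth tracking a bookworm update, for example in the linked lts-updates-tasks issue 174, before that context disappears with this entry.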
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d19e0030ee9bdb3dd1f788dc60e94c90ad1cb488