[Git][security-tracker-team/security-tracker][master] 3 commits: Add and claim libgit2 in dla-needed
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Mon Feb 12 12:56:04 GMT 2024
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1cb5d7a by Utkarsh Gupta at 2024-02-12T18:17:25+05:30
Add and claim libgit2 in dla-needed
- - - - -
8ff24ba1 by Utkarsh Gupta at 2024-02-12T18:23:47+05:30
Mark CVE-2024-21490/angular.js as postponed for buster
- - - - -
86f93413 by Utkarsh Gupta at 2024-02-12T18:25:45+05:30
Mark CVE-2024-25711/diffoscope as no-dsa for buster
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -151,6 +151,7 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framewo
TODO: check
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
- angular.js <unfixed>
+ [buster] - angular.js <postponed> (Fix along with the next DLA)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been decl ...)
NOT-FOR-US: Linksys
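Review bot: the added `[buster] - angular.js <postponed>` line gives only "Fix along with the next DLA" as its reason and does not say why the issue can wait. The diffoscope entry in this same push prefixes its reason with "Minor issue;", so a short severity rationale here would keep the two annotations consistent and let a later reader judge the deferral without opening the Snyk link. Note also that the unstable line is still `<unfixed>` and the entry carries no upstream fix reference. A NOTE pointing at the fix once one exists would make the postponed work actionable.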
@@ -176,6 +177,7 @@ CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete enabl
NOT-FOR-US: HCL / Sametime application
CVE-2024-25711 (diffoscope before 256 allows directory traversal via an embedded filen ...)
- diffoscope 256
+ [buster] - diffoscope <no-dsa> (Minor issue; fix it along the next DLA)
NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476 (256)
CVE-2024-25679 (In PQUIC before 5bde5bb, retention of unused initial encryption keys a ...)
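Review bot: the added `[buster] - diffoscope <no-dsa>` line states the same intent as the angular.js line in the previous hunk (fix with the next DLA) but uses a different state, `<no-dsa>` there versus `<postponed>` here. Since the entry already references the upstream fix commit for 256 and the reason text says the fix will ride along with a later upload, please confirm which state is intended and use it for both entries. The reason text also reads "fix it along the next DLA"; "fix along with the next DLA" would match the wording used for angular.js.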
=====================================
data/dla-needed.txt
=====================================
@@ -126,6 +126,10 @@ jenkins-htmlunit-core-js
knot-resolver (Markus Koschany)
NOTE: 20231029: Added by Front-Desk (gladk)
--
+libgit2 (utkarsh)
+ NOTE: 20240212: Added by Front-Desk (utkarsh)
+ NOTE: 20240212: taking with my maintainer hat on (utkarsh)
+--
libreswan
NOTE: 20230817: Added by Front-Desk (ta)
NOTE: 20230909: Prepared a patch for CVE-2023-38712 and pushed it to
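Review bot: the new `libgit2 (utkarsh)` entry does not say which issue prompted adding the package. Both NOTE lines record only who added and claimed it, whereas the libreswan entry below names the CVE it is working on. A NOTE listing the CVE id(s) or the tracker page for libgit2 would let the next Front-Desk reviewer see the scope of the pending DLA without searching data/CVE/list. Minor style point: the claimant is given as a login, `(utkarsh)`, while the neighbouring knot-resolver claim uses a full name.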
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/386fab4b6169694777d815bbe08a7880c3ab7745...86f93413de91470181035a616bf6bd60112e1d8f