[Git][security-tracker-team/security-tracker][master] Reserve DLA-3712-1 for kodi

Wed Jan 17 10:22:40 GMT 2024


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc67988d by Abhijith PA at 2024-01-17T15:52:17+05:30
Reserve DLA-3712-1 for kodi

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -41801,7 +41801,6 @@ CVE-2023-30208
 CVE-2023-30207 (A divide by zero issue discovered in Kodi Home Theater Software 19.5 a ...)
 	- kodi 2:20.0~rc2+dfsg-2 (bug #1040593)
 	[bullseye] - kodi <no-dsa> (Minor issue)
-	[buster] - kodi <no-dsa> (Minor issue)
 	NOTE: https://github.com/xbmc/xbmc/issues/22378
 	NOTE: https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73
 	NOTE: https://github.com/xbmc/xbmc/pull/22391
@@ -63494,7 +63493,6 @@ CVE-2023-23083
 CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater Software up  ...)
 	- kodi 2:20.0+dfsg-2 (bug #1031048)
 	[bullseye] - kodi <no-dsa> (Minor issue)
-	[buster] - kodi <no-dsa> (Minor issue)
 	NOTE: https://github.com/xbmc/xbmc/issues/22377
 	NOTE: https://github.com/xbmc/xbmc/commit/00fec1dbdd1df827872c7b55ad93059636dfc076
 	NOTE: https://github.com/xbmc/xbmc/commit/7e5f9fbf9aaa3540aab35e7504036855b23dcf60
@@ -159825,7 +159823,6 @@ CVE-2021-42918
 CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
 	- kodi 2:19.3+dfsg1-1 (bug #998419)
 	[bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
-	[buster] - kodi <no-dsa> (Minor issue)
 	[stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
 	- xbmc <removed>
 	NOTE: https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
@@ -448280,7 +448277,6 @@ CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before
 	NOT-FOR-US: JIRA Workflow Designer Plugin
 CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
 	- kodi 2:18.6+dfsg1-1 (bug #855225)
-	[buster] - kodi <ignored> (Minor issue)
 	[stretch] - kodi <ignored> (Minor issue)
 	[jessie] - kodi <ignored> (Minor issue)
 	- xbmc <removed> (bug #861274)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Jan 2024] DLA-3712-1 kodi - security update
+	{CVE-2017-5982 CVE-2021-42917 CVE-2023-23082 CVE-2023-30207}
+	[buster] - kodi 2:17.6+dfsg1-4+deb10u1
 [10 Jan 2024] DLA-3711-1 linux-5.10 - security update
 	{CVE-2021-44879 CVE-2023-5178 CVE-2023-5197 CVE-2023-5717 CVE-2023-6121 CVE-2023-6531 CVE-2023-6817 CVE-2023-6931 CVE-2023-6932 CVE-2023-25775 CVE-2023-34324 CVE-2023-35827 CVE-2023-45863 CVE-2023-46813 CVE-2023-46862 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782}
 	[buster] - linux-5.10 5.10.205-2~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -115,11 +115,6 @@ keystone (rouca)
 knot-resolver (Markus Koschany)
   NOTE: 20231029: Added by Front-Desk (gladk)
 --
-kodi (Abhijith PA)
-  NOTE: 20231228: Added by Front-Desk (lamby)
-  NOTE: 20231228: CVE-2021-42917 was postponed in 2021; fixed in bullseye via DSA or point release. (lamby)
-  NOTE: 20240414: Fixed issues. https://people.debian.org/~abhijith/upload/kport/update/. Testing (abhijith)
---
 libreswan
   NOTE: 20230817: Added by Front-Desk (ta)
   NOTE: 20230909: Prepared a patch for CVE-2023-38712 and pushed it to



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc67988d2ce63a7661ca0091af3876ce01cb50f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc67988d2ce63a7661ca0091af3876ce01cb50f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240117/7deb96d6/attachment-0001.htm>
