[Git][security-tracker-team/security-tracker][master] Reserve DLA-3714-1 for keystone

Bastien Roucariès (@rouca) rouca at debian.org
Sun Jan 21 21:11:05 GMT 2024 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb665e10 by Bastien Roucariès at 2024-01-21T21:10:41+00:00
Reserve DLA-3714-1 for keystone

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -173970,7 +173970,6 @@ CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/da
 CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
 	- keystone 2:19.0.0-3 (bug #992070)
 	[bullseye] - keystone 2:18.0.0-3+deb11u1
-	[buster] - keystone <no-dsa> (Minor issue)
 	[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
 	NOTE: https://launchpad.net/bugs/1688137
 CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
@@ -185515,7 +185514,6 @@ CVE-2021-3563 (A flaw was found in openstack-keystone. Only the first 72 charact
 	- keystone 2:23.0.0-3 (bug #989998)
 	[bookworm] - keystone <no-dsa> (Minor issue)
 	[bullseye] - keystone <no-dsa> (Minor issue)
-	[buster] - keystone <no-dsa> (Minor issue)
 	[stretch] - keystone <end-of-life> (Keystone is not supported in stretch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
 	NOTE: https://bugs.launchpad.net/keystone/+bug/1901891


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jan 2024] DLA-3714-1 keystone - security update
+	{CVE-2021-3563 CVE-2021-38155}
+	[buster] - keystone 2:14.2.0-0+deb10u2
 [21 Jan 2024] DLA-3713-1 subunit - bugfix update
 	[buster] - subunit 1.3.0-1+deb10u1
 [17 Jan 2024] DLA-3712-1 kodi - security update


=====================================
data/dla-needed.txt
=====================================
@@ -120,11 +120,6 @@ jenkins-htmlunit-core-js
 jinja2
   NOTE: 20240121: Added by Front-Desk (apo)
 --
-keystone (rouca)
-  NOTE: 20231102: Added by Front-Desk (lamby)
-  NOTE: 20231102: Sync (eg. CVE-2021-38155) with stable etc. (lamby)
-  NOTE: 20240105: FTBFS due to https://github.com/testing-cabal/subunit/pull/40 (rouca)
---
 knot-resolver (Markus Koschany)
   NOTE: 20231029: Added by Front-Desk (gladk)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb665e10ab603d30151622402c6eef040868bcb4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb665e10ab603d30151622402c6eef040868bcb4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240121/cfcd8981/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list