[Git][security-tracker-team/security-tracker][master] Reserve DLA-3722-1 for mariadb-10.3

Sat Jan 27 07:29:36 GMT 2024


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3ee8b68 by Bastien Roucariès at 2024-01-27T07:29:14+00:00
Reserve DLA-3722-1 for mariadb-10.3

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -217932,8 +217932,8 @@ CVE-2020-35878 (An issue was discovered in the ozone crate through 2020-07-04 fo
 CVE-2020-35877 (An issue was discovered in the ozone crate through 2020-07-04 for Rust ...)
 	NOT-FOR-US: ozone rust crate
 CVE-2020-35876 (An issue was discovered in the rio crate through 2020-05-11 for Rust.  ...)
-        - rust-rio <unfixed> (bug #1061577)
-        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0021.html
+	- rust-rio <unfixed> (bug #1061577)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0021.html
 CVE-2020-35875 (An issue was discovered in the tokio-rustls crate before 0.13.1 for Ru ...)
 	NOT-FOR-US: Rust crate tokio-rustls
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0019.html


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Jan 2024] DLA-3722-1 mariadb-10.3 - security update
+	{CVE-2023-22084}
+	[buster] - mariadb-10.3 1:10.3.39-0+deb10u2
 [25 Jan 2024] DLA-3721-1 xorg-server - security update
 	{CVE-2023-6816 CVE-2024-0229 CVE-2024-0408 CVE-2024-0409 CVE-2024-21885 CVE-2024-21886}
 	[buster] - xorg-server 2:1.20.4-1+deb10u13


=====================================
data/dla-needed.txt
=====================================
@@ -154,10 +154,6 @@ linux (Ben Hutchings)
 linux-5.10
   NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
 --
-mariadb-10.3 (rouca)
-  NOTE: 20231129: Added by Front-Desk (Beuc)
-  NOTE: 20240114: Contacted upstream about this particular CVE and that commit fix it (rouca)
---
 nova
   NOTE: 20230302: Re-add, request by maintainer (Beuc)
   NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ee8b68684a0594bb47ea4a03d5c650b358e50b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ee8b68684a0594bb47ea4a03d5c650b358e50b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240127/03964bc5/attachment-0001.htm>
