[Git][security-tracker-team/security-tracker][master] Reserve DLA-3753-1 for yard

Adrian Bunk (@bunk) bunk at debian.org
Wed Mar 6 20:11:47 GMT 2024 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72dabf92 by Adrian Bunk at 2024-03-06T22:11:22+02:00
Reserve DLA-3753-1 for yard

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -329064,7 +329064,6 @@ CVE-2019-1020002 (Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
 	NOT-FOR-US: Pterodactyl
 CVE-2019-1020001 (yard before 0.9.20 allows path traversal.)
 	- yard 0.9.20-1 (low; bug #945369)
-	[buster] - yard <no-dsa> (Minor issue)
 	[stretch] - yard <no-dsa> (Minor issue)
 	[jessie] - yard <not-affected> (Bug was introduced in 0.9.6)
 	NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Mar 2024] DLA-3753-1 yard - security update
+	{CVE-2019-1020001 CVE-2024-27285}
+	[buster] - yard 0.9.16-1+deb10u1
 [05 Mar 2024] DLA-3752-1 libuv1 - security update
 	{CVE-2024-24806}
 	[buster] - libuv1 1.24.1-1+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -332,9 +332,6 @@ varnish
   NOTE: 20240122: Still fixing tests (abhijith)
   NOTE: 20240213: Fixing tests.(abhijith)
 --
-yard (Adrian Bunk)
-  NOTE: 20240303: Added by Front-Desk (apo)
---
 zabbix
   NOTE: 20240212: Added by Front-Desk (utkarsh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72dabf922fd5d03bcbaa624bca60975d06b61ac2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72dabf922fd5d03bcbaa624bca60975d06b61ac2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240306/154c0112/attachment.htm>

More information about the debian-security-tracker-commits mailing list