[Git][security-tracker-team/security-tracker][master] 5 commits: Added libpgjava to dla-needed. Better to be safe than sorrow.
Ola Lundqvist (@opal)
opal at debian.org
Fri Mar 8 21:59:55 GMT 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4309d77c by Ola Lundqvist at 2024-03-08T22:59:25+01:00
Added libpgjava to dla-needed. Better to be safe than sorrow.
- - - - -
2c8bb864 by Ola Lundqvist at 2024-03-08T22:59:27+01:00
Ignore CVE-2023-0842 instead of no-dsa.
- - - - -
9947f15e by Ola Lundqvist at 2024-03-08T22:59:28+01:00
Ignore CVE-2021-42343 instead of no-dsa in buster.
- - - - -
8230aab3 by Ola Lundqvist at 2024-03-08T22:59:30+01:00
Ignore CVE-2016-1243 and CVE-2016-1244 instead of no-dsa in buster.
- - - - -
1f0a9ef4 by Ola Lundqvist at 2024-03-08T22:59:31+01:00
Ignore CVE-2023-46586 instead of no-dsa in buster.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -27268,7 +27268,7 @@ CVE-2023-46586
- weborf 1.0-1 (bug #1054417)
[bookworm] - weborf 0.19-2.1+deb12u1
[bullseye] - weborf 0.17-3+deb11u1
- [buster] - weborf <no-dsa> (Minor issue)
+ [buster] - weborf <ignored> (Minor issue)
NOTE: https://github.com/ltworf/weborf/pull/88
NOTE: Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0)
CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...)
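Review bot: The `[buster]` line for weborf moves to `<ignored>` but keeps the bare "(Minor issue)" reason that was written for `<no-dsa>`. `<ignored>` records a decision not to fix the release at all, while the surrounding lines show an upstream fix commit and fixed versions for bookworm and bullseye. The parenthetical should say why buster will not get the same backport, rather than only restating severity.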
@@ -66978,7 +66978,7 @@ CVE-2023-0843
CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add new p ...)
- node-xml2js 0.4.23+~cs15.4.0+dfsg-7 (bug #1034148)
[bullseye] - node-xml2js 0.2.8-1+deb11u1
- [buster] - node-xml2js <no-dsa> (Minor issue)
+ [buster] - node-xml2js <ignored> (Minor issue)
NOTE: https://fluidattacks.com/advisories/myers/
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603
@@ -174193,7 +174193,7 @@ CVE-2021-42344
CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...)
- dask.distributed 2021.09.1+ds.1-2
[bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1
- [buster] - dask.distributed <no-dsa> (Minor issue; unreproducible with <2.0)
+ [buster] - dask.distributed <ignored> (Minor issue; unreproducible with <2.0)
NOTE: https://github.com/dask/distributed/pull/5427
NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
NOTE: Likely introduced in https://github.com/quasiben/distributed/commit/fd31ecca8017bae845a73d468de0376c02363fab
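Review bot: On the `[buster]` dask.distributed line, the reason "unreproducible with <2.0" together with the "Likely introduced in" NOTE suggests the vulnerable code may not be present in buster. If that has been confirmed for the buster version, `<not-affected>` with a reason such as "Vulnerable code introduced later" describes the state more accurately than `<ignored>`. If it has not been confirmed, the reason should say so, so a later reader does not take `<ignored>` as a verified assessment.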
@@ -504145,7 +504145,7 @@ CVE-2016-1244 (The extractTree function in unADF allows remote attackers to exec
- unadf 0.7.11a-6 (bug #838248)
[bookworm] - unadf 0.7.11a-5+deb12u1
[bullseye] - unadf 0.7.11a-4+deb11u1
- [buster] - unadf <no-dsa> (Minor issue)
+ [buster] - unadf <ignored> (Minor issue)
NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
@@ -504153,7 +504153,7 @@ CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF
- unadf 0.7.11a-6 (bug #838248)
[bookworm] - unadf 0.7.11a-5+deb12u1
[bullseye] - unadf 0.7.11a-4+deb11u1
- [buster] - unadf <no-dsa> (Minor issue)
+ [buster] - unadf <ignored> (Minor issue)
NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...)
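Review bot: The `[buster]` unadf line for CVE-2016-1243 is set to `<ignored>` with only "(Minor issue)", while the entry header describes a stack-based buffer overflow in extractTree. This entry and CVE-2016-1244 above point to the same upstream fix commit, and bookworm and bullseye both carry fixed versions, so one backport would close both entries. Either extend the reason to explain why a memory-corruption issue is being left unfixed in buster, or keep both at `<no-dsa>` until that is decided.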
=====================================
data/dla-needed.txt
=====================================
@@ -149,6 +149,9 @@ knot-resolver
libcommons-compress-java (Markus Koschany)
NOTE: 20240303: Added by Front-Desk (apo)
--
+libpgjava
+ NOTE: 20240308: Added by Front-Desk (opal)
+--
libreswan
NOTE: 20230817: Added by Front-Desk (ta)
NOTE: 20230909: Prepared a patch for CVE-2023-38712 and pushed it to
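Review bot: The new libpgjava entry carries only the Front-Desk NOTE and does not name the CVE or issue that prompted it, and the commit subject suggests the addition is precautionary. A second NOTE line naming the CVE(s) and what still needs checking for buster would help whoever claims the package, in the way the libreswan entry below names CVE-2023-38712.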
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/184920cbaa17cfc22cd9483f7e85360958127c50...1f0a9ef43a0930b9e0f2e553f7007bed982fa384