[Git][security-tracker-team/security-tracker][master] 2 commits: Removed knot-resolver from dla-needed and marked CVEs as either no-dsa or...
Ola Lundqvist (@opal)
opal at debian.org
Sat Mar 9 23:10:17 GMT 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d002f8b by Ola Lundqvist at 2024-03-10T00:05:39+01:00
Removed knot-resolver from dla-needed and marked CVEs as either no-dsa or ignored following bullseye.
- - - - -
039a4be0 by Ola Lundqvist at 2024-03-10T00:09:37+01:00
Removed libstb from dla-needed and marked all its CVEs as no-dsa following buster.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6732,6 +6732,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4
- dnsmasq 2.90-1
- knot-resolver 5.7.1-1
[bullseye] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)
+ [buster] - knot-resolver <ignored> (Too intrusive to backport)
- pdns-recursor 4.9.3-1 (bug #1063852)
- unbound 1.19.1-1 (bug #1063845)
- systemd 255.4-1
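Review bot: The reason on the added [buster] line for CVE-2023-50387 is shortened to "Too intrusive to backport", while the [bullseye] line directly above it and the [buster] line added for CVE-2023-50868 both carry the fuller text "Too intrusive to backport, if DNSSEC is used Bookworm can be used". If the shorter wording is not deliberate, use the same reason on both buster entries so the two DNSSEC CVEs read the same for anyone searching the tracker.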
@@ -6771,6 +6772,7 @@ CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 51
- dnsmasq 2.90-1
- knot-resolver 5.7.1-1
[bullseye] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)
+ [buster] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)
- pdns-recursor 4.9.3-1 (bug #1063852)
- unbound 1.19.1-1 (bug #1063845)
- systemd 255.4-1
@@ -27389,6 +27391,7 @@ CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon
{DSA-5633-1}
- knot-resolver 5.7.0-1
[bullseye] - knot-resolver <no-dsa> (Minor issue)
+ [buster] - knot-resolver <no-dsa> (Minor issue)
NOTE: https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html
NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448
NOTE: https://github.com/CZ-NIC/knot-resolver/commit/7aec8ebdf1428afcb7f5bc62764149ffeaf3d3fe (v6.0.6)
@@ -27556,48 +27559,56 @@ CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 15)
NOTE: https://github.com/nothings/stb/pull/1560
CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 14)
NOTE: https://github.com/nothings/stb/pull/1559
CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 13)
NOTE: https://github.com/nothings/stb/pull/1558
CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 12)
NOTE: https://github.com/nothings/stb/pull/1557
CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 11)
NOTE: https://github.com/nothings/stb/pull/1556
CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 10)
NOTE: https://github.com/nothings/stb/pull/1555
CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 9)
NOTE: https://github.com/nothings/stb/pull/1554
CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 8)
NOTE: https://github.com/nothings/stb/issues/1552
NOTE: https://github.com/nothings/stb/pull/1553
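Review bot: Every [buster] line added in this hunk copies the status already present on the [bookworm] and [bullseye] lines, but the commit message for 039a4be0 says the CVEs were marked "following buster". The message for 0d002f8b says "following bullseye" for the same kind of change, so the libstb message should probably name the release whose triage was followed rather than the one being edited.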
@@ -27605,6 +27616,7 @@ CVE-2023-45667 (stb_image is a single file MIT licensed library for processing i
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 7)
NOTE: https://github.com/nothings/stb/issues/1550
NOTE: https://github.com/nothings/stb/pull/1551
@@ -27612,6 +27624,7 @@ CVE-2023-45666 (stb_image is a single file MIT licensed library for processing i
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 6)
NOTE: https://github.com/nothings/stb/issues/1548
NOTE: https://github.com/nothings/stb/pull/1549
@@ -27619,6 +27632,7 @@ CVE-2023-45664 (stb_image is a single file MIT licensed library for processing i
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 4)
NOTE: https://github.com/nothings/stb/issues/1542
NOTE: https://github.com/nothings/stb/pull/1545
@@ -27626,6 +27640,7 @@ CVE-2023-45663 (stb_image is a single file MIT licensed library for processing i
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 3)
NOTE: https://github.com/nothings/stb/issues/1542
NOTE: https://github.com/nothings/stb/pull/1543
@@ -27633,6 +27648,7 @@ CVE-2023-45662 (stb_image is a single file MIT licensed library for processing i
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 2)
NOTE: https://github.com/nothings/stb/issues/1540
NOTE: https://github.com/nothings/stb/pull/1541
@@ -27640,6 +27656,7 @@ CVE-2023-45661 (stb_image is a single file MIT licensed library for processing i
- libstb <unfixed> (bug #1054911)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 1)
NOTE: https://github.com/nothings/stb/issues/1538
NOTE: https://github.com/nothings/stb/pull/1539
=====================================
data/dla-needed.txt
=====================================
@@ -113,9 +113,6 @@ jenkins-htmlunit-core-js
jetty9
NOTE: 20240303: Added by Front-Desk (apo)
--
-knot-resolver
- NOTE: 20231029: Added by Front-Desk (gladk)
---
libcommons-compress-java (Markus Koschany)
NOTE: 20240303: Added by Front-Desk (apo)
--
@@ -143,14 +140,6 @@ libssh
NOTE: 20240227: <https://archive.libssh.org/libssh/2024-02/0000009.html>
NOTE: 20240227: (spwhitton).
--
-libstb
- NOTE: 20231029: Added by Front-Desk (gladk)
- NOTE: 20231029: A lot of open CVEs. Maybe duplicates.
- NOTE: 20231029: If you take a package, please evaluate it as well as its importance.
- NOTE: 20221119: None of the new CVE fixes has been reviewed by upstream so far,
- NOTE: 20221119: and in the past CVE fixes have caused regressions.
- NOTE: 20221119: Wait for upstream merge of fixes (and fixing in unstable). (bunk)
---
linux (Ben Hutchings)
NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
--
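Review bot: Deleting the libstb block drops the only recorded rationale (fixes not reviewed upstream, past CVE fixes caused regressions, possible duplicates), and the [buster] lines added in data/CVE/list say only "Minor issue". Consider putting a short version of that reasoning in the no-dsa reason or in the commit message so the decision can still be understood once the entry is gone from dla-needed.txt.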
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dbde68266ab01179bc528f5a569140f7dbe09b58...039a4be02023f34f77a2c4e6b484a93cef362aa2