[Git][security-tracker-team/security-tracker][master] 2 commits: Removed python-glance-store when marking CVE-2024-1141 as no-dsa following buster.

Sat Mar 9 23:24:30 GMT 2024


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
542ce46a by Ola Lundqvist at 2024-03-10T00:21:35+01:00
Removed python-glance-store when marking CVE-2024-1141 as no-dsa following buster.

- - - - -
37959a54 by Ola Lundqvist at 2024-03-10T00:24:10+01:00
Removed python-os-brick from dla-needed. The CVE that could potentially warrant a fix was not fixed in jessie and stretch either.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8968,6 +8968,7 @@ CVE-2024-1141 (A vulnerability was found in python-glance-store. The issue occur
 	- python-glance-store <unfixed> (bug #1063795)
 	[bookworm] - python-glance-store <no-dsa> (Minor issue)
 	[bullseye] - python-glance-store <no-dsa> (Minor issue)
+	[buster] - python-glance-store <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2258836
 	NOTE: https://github.com/openstack/glance_store/commit/d6e531af4821c8466b1e9404f12f89f6216417f2
 	NOTE: https://github.com/openstack/glance_store/commit/a5ba027922ba1230b4ae9abb810f36427be6354a


=====================================
data/dla-needed.txt
=====================================
@@ -196,16 +196,6 @@ python-asyncssh
   NOTE: 20240116: Added by Front-Desk (lamby)
   NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert)
 --
-python-glance-store
-  NOTE: 20230525: Added by Front-Desk (lamby)
-  NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
-  NOTE: 20230705: pushed a patched version to: https://salsa.debian.org/lts-team/packages/python-glance-store (jspricke)
-  NOTE: 20230705: upstream patch looks fine to me but should probably be tested and released together with the other affected packages. (jspricke)
---
-python-os-brick
-  NOTE: 20230525: Added by Front-Desk (lamby)
-  NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
---
 qemu (Adrian Bunk)
   NOTE: 20240119: Added by Front-Desk (lamby)
   NOTE: 20240119: CVE-2023-1544 and CVE-2023-3354 already fixed in bullseye via DSA or point releases; to be fixed or <ignored>. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/baecd314bdf3293e6b637984e5d08c466238986f...37959a54babf8a1d7ab8e6a1c1eadd1955f61000

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/baecd314bdf3293e6b637984e5d08c466238986f...37959a54babf8a1d7ab8e6a1c1eadd1955f61000
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240309/c4816f5a/attachment-0001.htm>
