[Git][security-tracker-team/security-tracker][master] Reserve DLA-3762-1 for unadf

Adrian Bunk (@bunk) bunk at debian.org
Fri Mar 15 16:43:26 GMT 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62f50578 by Adrian Bunk at 2024-03-15T18:43:03+02:00
Reserve DLA-3762-1 for unadf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -505651,7 +505651,6 @@ CVE-2016-1244 (The extractTree function in unADF allows remote attackers to exec
 	- unadf 0.7.11a-6 (bug #838248)
 	[bookworm] - unadf 0.7.11a-5+deb12u1
 	[bullseye] - unadf 0.7.11a-4+deb11u1
-	[buster] - unadf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
 	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
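Review bot: With the `[buster] - unadf <no-dsa> (Minor issue)` line dropped from CVE-2016-1244 here, and from CVE-2016-1243 in the next hunk, neither CVE entry carries a buster annotation any more, so the buster status of both now rests on the DLA-3762-1 entry in data/DLA/list naming both IDs. That entry lists `{CVE-2016-1243 CVE-2016-1244}`, so the two files agree; re-check this pairing if the CVE set of the DLA changes before release.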
@@ -505659,7 +505658,6 @@ CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF
 	- unadf 0.7.11a-6 (bug #838248)
 	[bookworm] - unadf 0.7.11a-5+deb12u1
 	[bullseye] - unadf 0.7.11a-4+deb11u1
-	[buster] - unadf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
 	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Mar 2024] DLA-3762-1 unadf - security update
+	{CVE-2016-1243 CVE-2016-1244}
+	[buster] - unadf 0.7.11a-4+deb11u1~deb10u1
 [15 Mar 2024] DLA-3761-1 spip - security update
 	{CVE-2023-52322}
 	[buster] - spip 3.2.4-1+deb10u13
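Review bot: The reserved version on the `[buster]` line, `0.7.11a-4+deb11u1~deb10u1`, should be confirmed against the version actually uploaded, since this entry is now the only buster fixed-version record for both CVEs. The string itself is consistent with the rest of the commit: the `~deb10u1` suffix sorts below the bullseye fix `0.7.11a-4+deb11u1` recorded in data/CVE/list, which is the ordering wanted for a backport to the older release.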


=====================================
data/dla-needed.txt
=====================================
@@ -298,10 +298,6 @@ tiff
 tomcat9
   NOTE: 20240121: Added by Front-Desk (apo)
 --
-unadf (Adrian Bunk)
-  NOTE: 20240314: Added by Front-Desk (Beuc)
-  NOTE: 20240314: Follow fixes from bullseye 11.9 (two 2016 CVEs) (Beuc/front-desk)
---
 varnish
   NOTE: 20231117: Added by Front-Desk (apo)
   NOTE: 20231204: Working on pre commits for CVE-2023-44487, https://github.com/varnishcache/varnish-cache/pull/4004
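Review bot: Removing the unadf block also removes the only stated reason for the update, `Follow fixes from bullseye 11.9 (two 2016 CVEs)`, while the commit message says only "Reserve DLA-3762-1 for unadf". Because the same commit drops a `<no-dsa> (Minor issue)` triage for both CVEs, consider adding a one-line body to the commit message giving that reason. The `--` separators stay balanced after the removal, with one left between tomcat9 and varnish.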



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f505787f67bbc9ca45d0141b0600de207e9bba
