[Git][security-tracker-team/security-tracker][master] Reserve DLA-3777-1 for composer
Bastien Roucariès (@rouca)
rouca at debian.org
Wed Mar 27 08:35:14 GMT 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58493d0a by Bastien Roucariès at 2024-03-27T08:34:47+00:00
Reserve DLA-3777-1 for composer
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -36112,7 +36112,6 @@ CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a com
- composer 2.6.4-1
[bookworm] - composer <no-dsa> (Minor issue)
[bullseye] - composer <no-dsa> (Minor issue)
- [buster] - composer <no-dsa> (Minor issue, only a problem when configured improperly)
NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27)
NOTE: https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c (2.2.22)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Mar 2024] DLA-3777-1 composer - security update
+ {CVE-2023-43655}
+ [buster] - composer 1.8.4-1+deb10u3
[26 Mar 2024] DLA-3776-1 nodejs - security update
{CVE-2023-30590 CVE-2023-46809 CVE-2024-22025}
[buster] - nodejs 10.24.0~dfsg-1~deb10u4
=====================================
data/dla-needed.txt
=====================================
@@ -40,13 +40,6 @@ bind9 (Sean Whitton)
NOTE: 20240218: Added by Front-Desk (lamby)
NOTE: 20240218: CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 already fixed in bullseye. (lamby)
--
-composer (rouca)
- NOTE: 20240209: Added by Front-Desk (utkarsh)
- NOTE: 20240304: Need to backport bullseye (rouca)
- NOTE: 20240312: likely not affected by CVE-2024-24821 (rouca)
- NOTE: 20240315: DSA 5632-1 is out (Beuc/front-desk)
- NOTE: 20240316: Ask clarification about some fixes on DSA 5632-1 without CVE
---
dnsmasq
NOTE: 20240303: Added by Front-Desk (apo)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58493d0ae7ad5b00c5f5403c8a3a9aef445775cd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58493d0ae7ad5b00c5f5403c8a3a9aef445775cd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240327/a3a6212a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list