[Git][security-tracker-team/security-tracker][master] Move expat to be released via point release update instead of DSA (minor issues not warranting DSA)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 4 15:32:09 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1909aaf by Salvatore Bonaccorso at 2024-05-04T16:31:09+02:00
Move expat to be released via point release update instead of DSA (minor issues not warranting DSA)

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -26864,6 +26864,8 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion if
 CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource consumptio ...)
 	{DLA-3783-1}
 	- expat 2.6.0-1 (bug #1063238)
+	[bookworm] - expat <no-dsa> (Minor issue; can be fixed via point release)
+	[bullseye] - expat <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/libexpat/libexpat/pull/789
 	NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
 CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-a ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ dnsdist (jmm)
 --
 dnsmasq
 --
-expat (carnil)
---
 frr
   Tobias Frost (tobi) proposed to work on preparing an update
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1909aaf9658e0ae743be41e17971ccbc01e3db4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1909aaf9658e0ae743be41e17971ccbc01e3db4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240504/8febcd4c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list