[Git][security-tracker-team/security-tracker][master] Reserve DLA-3823-1 for less

Guilhem Moulin (@guilhem) guilhem at debian.org
Mon May 27 20:30:50 BST 2024 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0cae9749 by Guilhem Moulin at 2024-05-27T21:29:40+02:00
Reserve DLA-3823-1 for less

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -33352,7 +33352,6 @@ CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy Server
 CVE-2022-48624 (close_altfile in filename.c in less before 606 omits shell_quote calls ...)
 	{DSA-5679-1}
 	- less 590-2.1 (bug #1064293)
-	[buster] - less <no-dsa> (Minor issue)
 	NOTE: https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 (v606)
 CVE-2020-36774 (plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x b ...)
 	- glade 3.38.2-1


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 May 2024] DLA-3823-1 less - security update
+	{CVE-2022-48624 CVE-2024-32487}
+	[buster] - less 487-0.1+deb10u1
 [27 May 2024] DLA-3822-1 python-pymysql - security update
 	{CVE-2024-36039}
 	[buster] - python-pymysql 0.9.3-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -132,11 +132,6 @@ jenkins-htmlunit-core-js
   NOTE: 20231231: … TransformerFactory without setting the ~secure flag, so it may
   NOTE: 20231231: … indeed be vulnerable. (lamby)
 --
-less (guilhem)
-  NOTE: 20240418: Added by Front-Desk (apo)
-  NOTE: 20240506: Pushed CVE-2022-48624 fix to git repo. (abhijith)
-  NOTE: 20240523: https://salsa.debian.org/debian/less/-/tree/buster-LTS-fix (abhijith)
---
 libmojolicious-perl
   NOTE: 20240421: Added by Front-Desk (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cae97496c1169143e5851b65357aa667a635476

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cae97496c1169143e5851b65357aa667a635476
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240527/5cecb207/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list