[Git][security-tracker-team/security-tracker][master] Reserve DLA-3926-1 for perl
Guilhem Moulin (@guilhem)
guilhem at debian.org
Mon Oct 21 14:32:47 BST 2024
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
baed9adb by Guilhem Moulin at 2024-10-21T15:32:28+02:00
Reserve DLA-3926-1 for perl
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -113649,7 +113649,6 @@ CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downlo
[experimental] - perl 5.38.0~rc2-1
- perl 5.38.2-2 (bug #1035109)
[bookworm] - perl <no-dsa> (Minor issue)
- [bullseye] - perl <no-dsa> (Minor issue)
[buster] - perl <no-dsa> (Minor issue)
NOTE: https://github.com/andk/cpanpm/pull/175
NOTE: https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)
@@ -333846,7 +333845,6 @@ CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.
NOT-FOR-US: Nagios Log Server
CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass.)
- perl 5.36.0-4 (bug #1015985)
- [bullseye] - perl <no-dsa> (Minor issue)
[buster] - perl <no-dsa> (Minor issue)
[stretch] - perl <no-dsa> (Minor issue)
NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Oct 2024] DLA-3926-1 perl - security update
+ {CVE-2020-16156 CVE-2023-31484}
+ [bullseye] - perl 5.32.1-4+deb11u4
[20 Oct 2024] DLA-3925-1 asterisk - security update
{CVE-2024-42365 CVE-2024-42491}
[bullseye] - asterisk 1:16.28.0~dfsg-0+deb11u5
=====================================
data/dla-needed.txt
=====================================
@@ -143,10 +143,6 @@ openssl
NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-5678, CVE-2024-0727) (Beuc/front-desk)
NOTE: 20241015: Please follow salsa issue: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/147
--
-perl
- NOTE: 20241002: Added by Front-Desk (Beuc)
- NOTE: 20241002: A sponsor requested we fix CVE-2020-16156 (Beuc/front-desk)
---
pgpool2
NOTE: 20240915: Added by Front-Desk (ta)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baed9adb2410a5a7434d44e6215d6ca4658b5056
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baed9adb2410a5a7434d44e6215d6ca4658b5056
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241021/d65fa6fd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list