[Git][security-tracker-team/security-tracker][master] Reserve DLA-3926-1 for perl

Guilhem Moulin (@guilhem) guilhem at debian.org
Mon Oct 21 14:32:47 BST 2024



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baed9adb by Guilhem Moulin at 2024-10-21T15:32:28+02:00
Reserve DLA-3926-1 for perl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -113649,7 +113649,6 @@ CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downlo
 	[experimental] - perl 5.38.0~rc2-1
 	- perl 5.38.2-2 (bug #1035109)
 	[bookworm] - perl <no-dsa> (Minor issue)
-	[bullseye] - perl <no-dsa> (Minor issue)
 	[buster] - perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/andk/cpanpm/pull/175
 	NOTE: https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)
@@ -333846,7 +333845,6 @@ CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.
 	NOT-FOR-US: Nagios Log Server
 CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass.)
 	- perl 5.36.0-4 (bug #1015985)
-	[bullseye] - perl <no-dsa> (Minor issue)
 	[buster] - perl <no-dsa> (Minor issue)
 	[stretch] - perl <no-dsa> (Minor issue)
 	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Oct 2024] DLA-3926-1 perl - security update
+	{CVE-2020-16156 CVE-2023-31484}
+	[bullseye] - perl 5.32.1-4+deb11u4
 [20 Oct 2024] DLA-3925-1 asterisk - security update
 	{CVE-2024-42365 CVE-2024-42491}
 	[bullseye] - asterisk 1:16.28.0~dfsg-0+deb11u5


=====================================
data/dla-needed.txt
=====================================
@@ -143,10 +143,6 @@ openssl
   NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-5678, CVE-2024-0727) (Beuc/front-desk)
   NOTE: 20241015: Please follow salsa issue: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/147
 --
-perl
-  NOTE: 20241002: Added by Front-Desk (Beuc)
-  NOTE: 20241002: A sponsor requested we fix CVE-2020-16156 (Beuc/front-desk)
---
 pgpool2
   NOTE: 20240915: Added by Front-Desk (ta)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baed9adb2410a5a7434d44e6215d6ca4658b5056

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baed9adb2410a5a7434d44e6215d6ca4658b5056
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241021/d65fa6fd/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list