[Git][security-tracker-team/security-tracker][master] Reserve DLA-3933-1 for dmitry

[Adrian Bunk (@bunk)]

Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05b5b91f by Adrian Bunk at 2024-10-22T23:56:06+03:00
Reserve DLA-3933-1 for dmitry

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -49286,7 +49286,6 @@ CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a rem
 CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string ...)
 	- dmitry 1.3a-5 (bug #1070370)
 	[bookworm] - dmitry 1.3a-1.2+deb12u1
-	[bullseye] - dmitry <no-dsa> (Minor issue)
 	[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires malicious parameter)
 	NOTE: https://github.com/jaygreig86/dmitry/pull/12
 CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection vulnera ...)
@@ -338860,7 +338859,6 @@ CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $ma
 CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...)
 	- dmitry 1.3a-5 (bug #1070370)
 	[bookworm] - dmitry 1.3a-1.2+deb12u1
-	[bullseye] - dmitry <no-dsa> (Minor issue)
 	[buster] - dmitry <postponed> (Minor issue, requires hostile whois server)
 	NOTE: https://github.com/jaygreig86/dmitry/issues/4
 	NOTE: https://github.com/jaygreig86/dmitry/pull/6
@@ -519017,7 +519015,6 @@ CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworse
 CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
 	- dmitry 1.3a-5 (bug #1070370)
 	[bookworm] - dmitry 1.3a-1.2+deb12u1
-	[bullseye] - dmitry <no-dsa> (Minor issue)
 	[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires malicious parameter)
 	NOTE: https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
 	NOTE: https://github.com/jaygreig86/dmitry/pull/12


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Oct 2024] DLA-3933-1 dmitry - security update
+	{CVE-2017-7938 CVE-2020-14931 CVE-2024-31837}
+	[bullseye] - dmitry 1.3a-1.1+deb11u1
 [22 Oct 2024] DLA-3932-1 python-sql - security update
 	{CVE-2024-9774}
 	[bullseye] - python-sql 1.2.1-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -45,10 +45,6 @@ ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
   NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
 --
-dmitry (Adrian Bunk)
-  NOTE: 20241021: Added by Front-Desk (lamby)
-  NOTE: 20241021: Sync with stable (lamby)
---
 dnsmasq
   NOTE: 20240313: Added by oldstable Security Team (jmm)
   NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b5b91f2b1312332f31495cf7e5d49673f49c93

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b5b91f2b1312332f31495cf7e5d49673f49c93
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241022/ea4c6bd6/attachment.htm>