[Git][security-tracker-team/security-tracker][master] 2 commits: lts: add libarchive

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Thu Oct 31 14:08:52 GMT 2024 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15b5eb40 by Emilio Pozuelo Monfort at 2024-10-31T15:07:59+01:00
lts: add libarchive

- - - - -
106a633a by Emilio Pozuelo Monfort at 2024-10-31T15:08:00+01:00
Correct libyang triaging for bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -131415,17 +131415,17 @@ CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate
 	NOT-FOR-US: Diasoft File Replication Pro
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
 	- libyang 3.4.2+dfsg-2 (bug #989060)
+	[bullseye] - libyang <no-dsa> (Minor issue)
 	- libyang2 2.1.148-0.1 (bug #1034724)
 	[bookworm] - libyang2 <ignored> (Minor issue)
-	[bullseye] - libyang2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1987
 	NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
 	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3
 CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
 	- libyang 3.4.2+dfsg-2 (bug #989060)
+	[bullseye] - libyang <no-dsa> (Minor issue)
 	- libyang2 2.1.148-0.1 (bug #1034154)
 	[bookworm] - libyang2 <ignored> (Minor issue)
-	[bullseye] - libyang2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/issues/1979
 	NOTE: https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096 (v2.1.55)
 	NOTE: src:libyang was removed and later re-introduced as src:libyang with version 3


=====================================
data/dla-needed.txt
=====================================
@@ -87,6 +87,10 @@ intel-mediasdk (tobi)
 knot-resolver
   NOTE: 20240924: Added by Front-Desk (lamby)
 --
+libarchive
+  NOTE: 20241031: Added by Front-Desk (pochu)
+  NOTE: 20241031: look at no-dsa issues as well (pochu)
+--
 libvirt (Thorsten Alteholz)
   NOTE: 20240826: Added by Front-Desk (ta)
   NOTE: 20241019: more testing needed



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab926472dee4bef5568e94a7f918c901276aebad...106a633a02ed1dad5e6cb28b5ac33fa55707fac4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab926472dee4bef5568e94a7f918c901276aebad...106a633a02ed1dad5e6cb28b5ac33fa55707fac4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241031/35ae552c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list