[Git][security-tracker-team/security-tracker][master] Reserve DLA-3865-1 for frr

Tobias Frost (@tobi) tobi at debian.org
Tue Sep 3 05:55:53 BST 2024



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ecafc5ee by Tobias Frost at 2024-09-03T06:55:29+02:00
Reserve DLA-3865-1 for frr

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -167288,7 +167288,6 @@ CVE-2022-37036
 CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
 	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1016978)
-	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/11698
 	NOTE: https://github.com/FRRouting/frr/pull/11926
 	NOTE: https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee
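Review bot: With the `[bullseye] - frr <no-dsa> (Minor issue)` line dropped, the CVE-2022-37035 entry still carries only `{DLA-3797-1}` as its advisory cross-reference, while data/DLA/list in this same commit lists the CVE under DLA-3865-1. If that brace line is not regenerated automatically from data/DLA/list, add DLA-3865-1 to it here so the entry shows which advisory replaced the no-dsa decision.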
@@ -198733,31 +198732,26 @@ CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The
 CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
 	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
-	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10503
 	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26128)
 CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due  ...)
 	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
-	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10502
 	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26129)
 CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due  ...)
 	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
-	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10487
 	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10494
 CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
 	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
-	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10505
 	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10566
 CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
 	{DLA-3797-1}
 	- frr 8.4.1-1 (bug #1008010)
-	[bullseye] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/10507
 	NOTE: Fix (8.2): https://github.com/FRRouting/frr/pull/10542
 	NOTE: Fix (8.3): https://github.com/FRRouting/frr/pull/10517
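Review bot: The five entries CVE-2022-26125 through CVE-2022-26129 lose their only bullseye-specific line, so after this hunk the fixed bullseye version (7.5.1-1.1+deb11u3) is recorded only in data/DLA/list. The commit subject says just "Reserve DLA-3865-1 for frr"; a body line stating that the `<no-dsa> (Minor issue)` triage is withdrawn for these CVEs would make the status change easier to find in history.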


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Sep 2024] DLA-3865-1 frr - security update
+	{CVE-2022-26125 CVE-2022-26126 CVE-2022-26127 CVE-2022-26128 CVE-2022-26129 CVE-2022-37035 CVE-2023-38406 CVE-2023-38407 CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235 CVE-2024-31948 CVE-2024-31949 CVE-2024-44070}
+	[bullseye] - frr 7.5.1-1.1+deb11u3
 [02 Sep 2024] DLA-3864-1 webkit2gtk - security update
 	{CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780 CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794}
 	[bullseye] - webkit2gtk 2.44.3-1~deb11u1
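Review bot: The brace line for DLA-3865-1 names fifteen CVEs, but the data/CVE/list hunks in this commit touch only the six CVE-2022 entries. Check that the nine CVE-2023 and CVE-2024 entries (CVE-2023-38406 through CVE-2024-44070) have no remaining `[bullseye] - frr` triage line such as `<no-dsa>` or `<postponed>` that would contradict the new `[bullseye] - frr 7.5.1-1.1+deb11u3` line.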


=====================================
data/dla-needed.txt
=====================================
@@ -88,11 +88,6 @@ flatpak
   NOTE: 20240814: Added by oldstable Security Team (carnil)
   NOTE: 20240815: Follow fixes from DSA-5749-1 (CVE-2024-42472) (Beuc/front-desk)
 --
-frr (Tobias Frost)
-  NOTE: 20231107: Added by oldstable Security Team (jmm)
-  NOTE: 20240404: Tobias Frost (tobi) proposed to work on preparing an update (carnil)
-  NOTE: 20240525: discussion with Debian maintainer for status on bullseye + updates (carnil)
---
 ghostscript (abhijith)
   NOTE: 20240718: Added by oldstable Security Team (carnil)
   NOTE: 20240815: A bookworm DSA is planned



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ecafc5ee5870f8327760230c630f2be4d81a6f00
