[Git][security-tracker-team/security-tracker][master] Reserve DLA-3876-1 for setuptools

Daniel Leidert (@dleidert) dleidert at debian.org
Thu Sep 5 00:01:13 BST 2024



Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44cf2ed3 by Daniel Leidert at 2024-09-05T01:00:54+02:00
Reserve DLA-3876-1 for setuptools

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -157454,7 +157454,6 @@ CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0
 	NOTE: Negligible security impact
 CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remo ...)
 	- setuptools 65.6.3-1
-	[bullseye] - setuptools <no-dsa> (Minor issue)
 	NOTE: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be (v65.5.1)
 CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments  ...)
 	- pygments 2.15.1+dfsg-1
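
Review bot: With the "[bullseye] - setuptools <no-dsa> (Minor issue)" line removed, CVE-2022-40897 has no bullseye annotation left in this hunk, so the only version recorded for it is the unstable fix 65.6.3-1. Confirm that "[bullseye] - setuptools 52.0.0-4+deb11u1", the version named in the data/DLA/list entry of this commit, gets recorded under this CVE once the upload is accepted, so that bullseye does not show as vulnerable with no triage state.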


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Sep 2024] DLA-3876-1 setuptools - security update
+	{CVE-2022-40897 CVE-2024-6345}
+	[bullseye] - setuptools 52.0.0-4+deb11u1
 [05 Sep 2024] DLA-3875-1 gnutls28 - security update
 	{CVE-2024-28834 CVE-2024-28835}
 	[bullseye] - gnutls28 3.7.1-5+deb11u6
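
Review bot: The new entry lists CVE-2024-6345 next to CVE-2022-40897, but the data/CVE/list part of this commit has a single hunk and it only touches CVE-2022-40897. Check that the CVE-2024-6345 entry carries no bullseye annotation (no-dsa, postponed or similar) that would contradict a fix in 52.0.0-4+deb11u1.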


=====================================
data/dla-needed.txt
=====================================
@@ -197,11 +197,6 @@ ruby-sinatra (Jochen)
   NOTE: 20240815: Follow fixes from DLA-3264-1 (CVE-2022-45442)
   NOTE: 20240815: Coordinate with maintainer to review and publish https://salsa.debian.org/ruby-team/ruby-sinatra/-/blob/bullseye/debian/changelog (Beuc/front-desk)
 --
-setuptools (dleidert)
-  NOTE: 20240730: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
-  NOTE: 20240829: Waiting for LTS upload queue (dleidert)
---
 smarty3
   NOTE: 20240814: Added by oldstable Security Team (jmm)
 --
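
Review bot: The removed block includes "NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)", and nothing else in this commit records the bookworm side. If that update is still pending, make sure it is tracked elsewhere, so that bullseye does not end up with fixes for CVE-2022-40897 and CVE-2024-6345 that bookworm lacks.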



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44cf2ed3bd7f9584031edfd9fd985cc93763561f
