[Git][security-tracker-team/security-tracker][master] Reserve DLA-3878-1 for libxml2

Adrian Bunk (@bunk) bunk at debian.org
Thu Sep 5 16:10:55 BST 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8649a3b by Adrian Bunk at 2024-09-05T18:10:43+03:00
Reserve DLA-3878-1 for libxml2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -172920,7 +172920,6 @@ CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of se
 	[buster] - lxml <no-dsa> (Minor issue)
 	- libxml2 2.9.14+dfsg-1.3 (bug #1039991)
 	[bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u1
-	[bullseye] - libxml2 <no-dsa> (Minor issue)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/
 	NOTE: https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f (lxml-4.9.1)
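
Review bot: with the `[bullseye] - libxml2 <no-dsa> (Minor issue)` line removed under CVE-2022-2309 and no bullseye line added in its place, this entry no longer states a bullseye status itself; that status now rests entirely on the DLA-3878-1 entry in data/DLA/list naming this CVE. Worth confirming, once the tracker has processed the commit, that bullseye shows as fixed in 2.9.10+dfsg-6.7+deb11u5 and is not being compared against the unstable fix 2.9.14+dfsg-1.3.
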
@@ -549475,7 +549474,6 @@ CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on ban
 	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
 CVE-2016-3709 (Possible cross-site scripting vulnerability in libxml after commit 960 ...)
 	- libxml2 2.9.12+dfsg-3
-	[bullseye] - libxml2 <no-dsa> (Minor issue)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://mail.gnome.org/archives/xml/2018-January/msg00010.html
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769760
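
Review bot: dropping `<no-dsa> (Minor issue)` for bullseye under CVE-2016-3709 reverses an earlier triage decision, while the buster line keeps the same tag and the commit message gives no reason for the change. The NOTE lines visible in this context link a mailing list post and a bug report but no fix commit; a NOTE naming the upstream change that was backported would let a later reader check what the bullseye update actually contains.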


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Sep 2024] DLA-3878-1 libxml2 - security update
+	{CVE-2016-3709 CVE-2022-2309}
+	[bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u5
 [05 Sep 2024] DLA-3877-1 ruby-sinatra - security update
 	{CVE-2022-29970 CVE-2022-45442}
 	[bullseye] - ruby-sinatra 2.0.8.1-2+deb11u1
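
Review bot: the `[bullseye]` line records 2.9.10+dfsg-6.7+deb11u5 at reservation time, so it should be checked against the version of the actual upload before the advisory is sent; a mismatch here would leave the tracker reporting the wrong fixed version for both CVEs. The CVE set `{CVE-2016-3709 CVE-2022-2309}` does match the two entries edited in data/CVE/list.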


=====================================
data/dla-needed.txt
=====================================
@@ -100,11 +100,6 @@ glewlwyd
 libvirt (Thorsten Alteholz)
   NOTE: 20240826: Added by Front-Desk (ta)
 --
-libxml2 (Adrian Bunk)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2022-2309) (low-priority)
-  NOTE: 20240815: Consider fixing CVE-2016-3709 (Beuc/front-desk)
---
 linux (Ben Hutchings)
   NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8649a3b5f801ea95446c65ef4ff5c0f87601299
