[Git][security-tracker-team/security-tracker][master] Reserve DLA-3884-1 for cacti

Bastien Roucariès (@rouca) rouca at debian.org
Mon Sep 9 16:21:48 BST 2024



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5a45ad3 by Bastien Roucariès at 2024-09-09T15:21:32+00:00
Reserve DLA-3884-1 for cacti

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -156669,7 +156669,6 @@ CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management
 	NOT-FOR-US: Record Management System
 CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ...)
 	- cacti 1.2.22+ds1-1
-	[bullseye] - cacti <no-dsa> (Minor issue)
 	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/ccb8b62de0f27f59d5e6073c2ae577a9ca7adaf8 (release/1.2.22)
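Review bot: Only the CVE-2022-41444 entry loses its `[bullseye] - cacti <no-dsa> (Minor issue)` line in data/CVE/list, while the DLA-3884-1 entry added in data/DLA/list covers eight CVEs. It is worth checking that none of the other seven still carries a bullseye annotation that would contradict the fixed version. With this line gone, the bullseye status of CVE-2022-41444 rests entirely on the DLA/list cross-reference, so the id has to stay in that entry's brace list.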


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Sep 2024] DLA-3884-1 cacti - security update
+	{CVE-2022-41444 CVE-2024-25641 CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 CVE-2024-31458 CVE-2024-31459 CVE-2024-34340}
+	[bullseye] - cacti 1.2.16+ds1-2+deb11u4
 [09 Sep 2024] DLA-3883-1 python-jwcrypto - security update
 	{CVE-2024-28102}
 	[bullseye] - python-jwcrypto 0.8.0-1+deb11u1
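Review bot: The added `[bullseye] - cacti 1.2.16+ds1-2+deb11u4` line records a concrete fixed version, although the commit message says the change only reserves the DLA id. Please confirm this is the version actually uploaded, since a mismatch would make the entry report the wrong fixed version for all eight CVEs in the brace list.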


=====================================
data/dla-needed.txt
=====================================
@@ -37,11 +37,6 @@ bind9
   NOTE: 20240815: https://lists.debian.org/debian-security/2024/07/msg00009.html
   NOTE: 20240815: pu request not in the BTS yet, coordinate with maintainer (Beuc/front-desk)
 --
-cacti (rouca)
-  NOTE: 20240522: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
-  NOTE: Retake cacti bookworm dsa was partial
---
 dnsmasq
   NOTE: 20240313: Added by oldstable Security Team (jmm)
   NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868
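Review bot: Removing the cacti block also drops `NOTE: Retake cacti bookworm dsa was partial` and the note that a bookworm DSA is planned. If the bookworm work is still incomplete, that status should be recorded elsewhere before the entry leaves dla-needed.txt, because nothing else in this commit carries it.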



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5a45ad33a5ae518e12e3513219019fa268f09ab
