[Git][security-tracker-team/security-tracker][master] Reserve DLA-3893-1 for expat
Guilhem Moulin (@guilhem)
guilhem at debian.org
Thu Sep 19 02:35:16 BST 2024
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78cabf5d by Guilhem Moulin at 2024-09-19T03:33:50+02:00
Reserve DLA-3893-1 for expat
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -65062,7 +65062,6 @@ CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource cons
{DLA-3783-1}
- expat 2.6.0-1 (bug #1063238)
[bookworm] - expat <no-dsa> (Minor issue; can be fixed via point release)
- [bullseye] - expat <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/libexpat/libexpat/pull/789
NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-a ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Sep 2024] DLA-3893-1 expat - security update
+ {CVE-2023-52425 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492}
+ [bullseye] - expat 2.2.10-2+deb11u6
[18 Sep 2024] DLA-3892-1 tinyproxy - security update
{CVE-2022-40468 CVE-2023-49606}
[bullseye] - tinyproxy 1.10.0-5+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -64,10 +64,6 @@ exim4 (apo)
NOTE: 20240815: Follow fixes from bookworm 12.3 (2 CVEs)
NOTE: 20240815: Consider fixing older postponed CVEs as well (Beuc/front-desk)
--
-expat (guilhem)
- NOTE: 20240911: Added by Front-Desk (ta)
- NOTE: 20240911: maybe also take care of bookworm
---
ffmpeg (Emilio)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cabf5d5f941c47311b08b4d5d1cef809c08edc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cabf5d5f941c47311b08b4d5d1cef809c08edc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240919/d4e043c4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list