[Git][security-tracker-team/security-tracker][master] Reserve DLA-3893-1 for expat

Guilhem Moulin (@guilhem) guilhem at debian.org
Thu Sep 19 02:35:16 BST 2024 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78cabf5d by Guilhem Moulin at 2024-09-19T03:33:50+02:00
Reserve DLA-3893-1 for expat

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -65062,7 +65062,6 @@ CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource cons
 	{DLA-3783-1}
 	- expat 2.6.0-1 (bug #1063238)
 	[bookworm] - expat <no-dsa> (Minor issue; can be fixed via point release)
-	[bullseye] - expat <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/libexpat/libexpat/pull/789
 	NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
 CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-a ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Sep 2024] DLA-3893-1 expat - security update
+	{CVE-2023-52425 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492}
+	[bullseye] - expat 2.2.10-2+deb11u6
 [18 Sep 2024] DLA-3892-1 tinyproxy - security update
 	{CVE-2022-40468 CVE-2023-49606}
 	[bullseye] - tinyproxy 1.10.0-5+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -64,10 +64,6 @@ exim4 (apo)
   NOTE: 20240815: Follow fixes from bookworm 12.3 (2 CVEs)
   NOTE: 20240815: Consider fixing older postponed CVEs as well (Beuc/front-desk)
 --
-expat (guilhem)
-  NOTE: 20240911: Added by Front-Desk (ta)
-  NOTE: 20240911: maybe also take care of bookworm
---
 ffmpeg (Emilio)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cabf5d5f941c47311b08b4d5d1cef809c08edc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cabf5d5f941c47311b08b4d5d1cef809c08edc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240919/d4e043c4/attachment.htm>

More information about the debian-security-tracker-commits mailing list