[Git][security-tracker-team/security-tracker][master] 2 commits: Track proposed update for dnsmasq via bookworm-pu

Mon Sep 23 21:03:17 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee7d2bba by Salvatore Bonaccorso at 2024-09-23T22:03:05+02:00
Track proposed update for dnsmasq via bookworm-pu

- - - - -
b13d85b0 by Salvatore Bonaccorso at 2024-09-23T22:03:05+02:00
Drop dnsmasq as update has been proposed through point release

- - - - -


3 changed files:

- data/CVE/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -63592,6 +63592,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4
 	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
+	[bookworm] - dnsmasq <no-dsa> (Update proposed for next point release)
 	- knot-resolver 5.7.1-1
 	[bullseye] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)
 	[buster] - knot-resolver <ignored> (Too intrusive to backport)
@@ -63640,6 +63641,7 @@ CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 51
 	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
+	[bookworm] - dnsmasq <no-dsa> (Update proposed for next point release)
 	- knot-resolver 5.7.1-1
 	[bullseye] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)
 	[buster] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)


=====================================
data/dsa-needed.txt
=====================================
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 activemq
 --
-dnsmasq
-  Lee Garrett showed interest to prepare an update for review
---
 frr
   coordination with the maintainer ongoing
 --


=====================================
data/next-point-update.txt
=====================================
@@ -74,3 +74,9 @@ CVE-2024-21096
 	[bookworm] - mariadb 1:10.11.9-0+deb12u1
 CVE-2024-6232
 	[bookworm] - python3.11 3.11.2-6+deb12u4
+CVE-2023-28450
+	[bookworm] - dnsmasq 2.90-4~deb12u1
+CVE-2023-50387
+	[bookworm] - dnsmasq 2.90-4~deb12u1
+CVE-2023-50868
+	[bookworm] - dnsmasq 2.90-4~deb12u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/88b4b247b97369545dadcf73f09103983693c0df...b13d85b09c73e39b8406ed769ff00c4905968954

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/88b4b247b97369545dadcf73f09103983693c0df...b13d85b09c73e39b8406ed769ff00c4905968954
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240923/29493b09/attachment-0001.htm>
