[Git][security-tracker-team/security-tracker][master] Reserve DLA-4133-1 for wget

Adrian Bunk (@bunk) bunk at debian.org
Mon Apr 21 09:19:04 BST 2025 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b9d77c6 by Adrian Bunk at 2025-04-21T11:18:50+03:00
Reserve DLA-4133-1 for wget

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -89046,7 +89046,6 @@ CVE-2024-36397 (Vantiva - MediaAccess DGA2232v19.4 -CWE-79: Improper Neutralizat
 CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...)
 	- wget 1.24.5-2 (bug #1073523)
 	[bookworm] - wget 1.21.3-1+deb12u1
-	[bullseye] - wget <no-dsa> (Minor issue)
 	[buster] - wget <postponed> (Minor issue, infoleak in limited conditions)
 	NOTE: https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Apr 2025] DLA-4133-1 wget - security update
+	{CVE-2024-38428}
+	[bullseye] - wget 1.21-1+deb11u2
 [21 Apr 2025] DLA-4132-1 erlang - security update
 	{CVE-2023-48795 CVE-2025-26618 CVE-2025-30211 CVE-2025-32433}
 	[bullseye] - erlang 1:23.2.6+dfsg-1+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -328,11 +328,6 @@ webpy
   NOTE: 20250421: Added by Front-Desk (ta)
   NOTE: 20250421: not yet fixed upstream
 --
-wget (Adrian Bunk)
-  NOTE: 20250409: Added by Front-Desk (Beuc)
-  NOTE: 20250409: Follow fixes from bookworm 12.10 (CVE-2024-38428)
-  NOTE: 20250409: Also check postponed issues (Beuc/front-desk)
---
 xmlrpc-c
   NOTE: 20250411: Added by Front-Desk (Beuc)
   NOTE: 20250411: See issues with old embedded expat library:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b9d77c65c55350111dd96ca9f51f612551463fd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b9d77c65c55350111dd96ca9f51f612551463fd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250421/f0ba1699/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list