[Git][security-tracker-team/security-tracker][master] Reserve DLA-4393-1 for mako

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Wed Dec 3 04:02:43 GMT 2025 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ea1228d by Utkarsh Gupta at 2025-12-03T09:32:28+05:30
Reserve DLA-4393-1 for mako

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -302375,7 +302375,6 @@ CVE-2022-40024
 CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denia ...)
 	{DLA-3116-1}
 	- mako 1.2.2+ds1-1
-	[bullseye] - mako <no-dsa> (Minor issue)
 	NOTE: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (rel_1_2_2)
 	NOTE: https://github.com/sqlalchemy/mako/issues/366
 CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was discovered to con ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Dec 2025] DLA-4393-1 mako - security update
+	{CVE-2022-40023}
+	[bullseye] - mako 1.1.3+ds1-2+deb11u1
 [01 Dec 2025] DLA-4392-1 mistral-dashboard - security update
 	{CVE-2021-4472}
 	[bullseye] - mistral-dashboard 11.0.0-2+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -234,10 +234,6 @@ libxslt
 linux (Ben Hutchings)
   NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
 --
-mako (Utkarsh)
-  NOTE: 20251117: Added by Front-Desk (lamby)
-  NOTE: 20251117: To address CVE-2022-40023, fixed in both buster and bookworm. (lamby)
---
 mbedtls
   NOTE: 20251102: Added by Front-Desk (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ea1228de8b924c370c2e6ef3f2f664fad4b34ec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ea1228de8b924c370c2e6ef3f2f664fad4b34ec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/c038a430/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list