[Git][security-tracker-team/security-tracker][master] Reserve DLA-4021-1 for 389-ds-base
Andrej Shadura (@andrewsh)
andrewsh at debian.org
Sun Jan 19 14:17:26 GMT 2025
Andrej Shadura pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3cb493e by Andrej Shadura at 2025-01-19T15:17:02+01:00
Reserve DLA-4021-1 for 389-ds-base
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -202656,7 +202656,6 @@ CVE-2022-2851
CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content Synchronization plug ...)
{DLA-3399-1}
- 389-ds-base 2.3.1-1 (bug #1018054)
- [bullseye] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
NOTE: https://github.com/389ds/389-ds-base/issues/5418
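Review bot: The {DLA-3399-1} cross-reference under CVE-2022-2850 is left unchanged while the "[bullseye] - 389-ds-base <no-dsa> (Minor issue)" line is dropped, so after this hunk nothing in the entry points at DLA-4021-1. If the cross-reference line is regenerated from data/DLA/list by tooling, that is fine. Otherwise add DLA-4021-1 here. The same applies to the CVE-2022-0996, CVE-2022-0918, CVE-2021-4091 and CVE-2021-3652 hunks in this file.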
@@ -234499,7 +234498,6 @@ CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sens
CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...)
{DLA-3399-1}
- 389-ds-base 2.0.15-1
- [bullseye] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
NOTE: https://github.com/389ds/389-ds-base/issues/5221
NOTE: https://github.com/389ds/389-ds-base/commit/b7fd028e5e67686afea617beb1791e9f3e7a4cb9 (389-ds-base-2.1.1)
@@ -235622,7 +235620,6 @@ CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 7.
CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...)
{DLA-3399-1}
- 389-ds-base 2.0.15-1.1 (bug #1016445)
- [bullseye] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815
NOTE: https://github.com/389ds/389-ds-base/issues/5242
NOTE: https://github.com/389ds/389-ds-base/commit/caad47ab207d7c5d61521ec4d33091db559c315a (master)
@@ -255797,7 +255794,6 @@ CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF))
CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
{DLA-3399-1}
- 389-ds-base 2.0.15-1
- [bullseye] - 389-ds-base <no-dsa> (Minor issue)
[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
@@ -280746,7 +280742,6 @@ CVE-2021-36768
CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...)
{DLA-3399-1}
- 389-ds-base 1.4.4.17-1 (bug #991405)
- [bullseye] - 389-ds-base <no-dsa> (Minor issue)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://github.com/389ds/389-ds-base/issues/4817
NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Jan 2025] DLA-4021-1 389-ds-base - security update
+ {CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996 CVE-2022-2850 CVE-2024-2199 CVE-2024-3657 CVE-2024-5953 CVE-2024-8445}
+ [bullseye] - 389-ds-base 1.4.4.11-2+deb11u1
[19 Jan 2025] DLA-4020-1 libreoffice - security update
{CVE-2024-12425 CVE-2024-12426}
[bullseye] - libreoffice 1:7.0.4-4+deb11u12
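Review bot: Four of the nine CVEs listed for DLA-4021-1 (CVE-2024-2199, CVE-2024-3657, CVE-2024-5953, CVE-2024-8445) have no matching hunk in data/CVE/list in this commit; only the five older ones have their bullseye <no-dsa> line removed. Please confirm that none of those four entries still carries a [bullseye] annotation that would contradict the fixed version 1.4.4.11-2+deb11u1 recorded here.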
=====================================
data/dla-needed.txt
=====================================
@@ -23,9 +23,6 @@ https://lts-team.pages.debian.net/wiki/Development.html#triage-new-security-issu
To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.
---
-389-ds-base (andrewsh)
- NOTE: 20240922: Added by Front-Desk (apo)
--
ansible (lee)
NOTE: 20240915: Added by Front-Desk (ta)
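Review bot: The commit message only says "Reserve DLA-4021-1 for 389-ds-base", but this hunk also removes the 389-ds-base (andrewsh) entry and its "NOTE: 20240922" line from data/dla-needed.txt, and the data/CVE/list hunks clear the bullseye <no-dsa> markers. Consider mentioning both in the message body so the history shows why the package left the needed list.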
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3cb493edf75a4f5d8aa0d1c40c23b02124f60a0