[Git][security-tracker-team/security-tracker][master] 2 commits: lts: claim flightgear and simgear

Tobias Quathamer (@toddy) toddy at debian.org
Wed Jan 29 12:53:12 GMT 2025



Tobias Quathamer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
072e6c2d by Dr. Tobias Quathamer at 2025-01-29T13:52:54+01:00
lts: claim flightgear and simgear

- - - - -
982913b3 by Dr. Tobias Quathamer at 2025-01-29T13:52:55+01:00
Add info about backported patches for flightgear and simgear

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -734,6 +734,8 @@ CVE-2025-0781 (An attacker can bypass the sandboxing of Nasal scripts and arbitr
 	[bullseye] - simgear <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
 	NOTE: Fixed by: https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8
+	NOTE: Backported patch for 2020.3.6: https://gitlab.com/frougon/flightgear-flightgear/-/commit/cf99dc921aadab502ff90a1dd943d8bbb897de91
+	NOTE: Backported patch for 2020.3.6: https://gitlab.com/frougon/flightgear-simgear/-/commit/f2e8c8ce3925e62275d97d46c73c32cbc864d80b
 CVE-2024-31906 (IBM Automation Decision Services 23.0.2 allows web pages to be stored  ...)
 	NOT-FOR-US: IBM
 CVE-2024-13505 (The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Si ...)


=====================================
data/dla-needed.txt
=====================================
@@ -77,7 +77,7 @@ espeak-ng
   NOTE: 20241014: Still looking at the incomplete fixes (abhijith)
   NOTE: 20241104: haven't spend time to look in to it. Will look after fixing puma (abhijith)
 --
-flightgear (Emilio)
+flightgear (Tobias Quathamer)
   NOTE: 20250129: Added by Front-Desk (pochu)
   NOTE: 20250129: maintainer will upload a fixed package (pochu)
 --
@@ -228,7 +228,7 @@ shadow
   NOTE: 20250105: shadow is a high-profile package. Upstream discussion for CVE-2024-56433 is
   NOTE: 20250105: ongoing. I'm adding it to dla-needed.txt to keep it on our radar.
 --
-simgear (Emilio)
+simgear (Tobias Quathamer)
   NOTE: 20250129: Added by Front-Desk (pochu)
   NOTE: 20250129: maintainer will upload a fixed package (pochu)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/12ade3c5e918df8e571bfcc5466d93a43939bcd6...982913b3d4ba98c82c4f7bf83fdcb5fc7c971408

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/12ade3c5e918df8e571bfcc5466d93a43939bcd6...982913b3d4ba98c82c4f7bf83fdcb5fc7c971408
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250129/ff64e977/attachment.htm>


More information about the debian-security-tracker-commits mailing list