[Git][security-tracker-team/security-tracker][master] Reserve DLA-4034-1 for simgear

Tobias Quathamer (@toddy) toddy at debian.org
Wed Jan 29 16:32:06 GMT 2025 


Tobias Quathamer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4562f8c by Dr. Tobias Quathamer at 2025-01-29T17:31:56+01:00
Reserve DLA-4034-1 for simgear

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -731,7 +731,6 @@ CVE-2025-0781 (An attacker can bypass the sandboxing of Nasal scripts and arbitr
 	[bullseye] - flightgear <no-dsa> (Minor issue)
 	- simgear 1:2020.3.19+dfsg-1
 	[bookworm] - simgear <no-dsa> (Minor issue)
-	[bullseye] - simgear <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
 	NOTE: Fixed by: https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8
 	NOTE: Backported patch for 2020.3.6: https://gitlab.com/frougon/flightgear-flightgear/-/commit/cf99dc921aadab502ff90a1dd943d8bbb897de91


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Jan 2025] DLA-4034-1 simgear - security update
+	{CVE-2025-0781}
+	[bullseye] - simgear 1:2020.3.6+dfsg-1+deb11u1
 [28 Jan 2025] DLA-4033-1 libtar - security update
 	{CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646}
 	[bullseye] - libtar 1.2.20-8+deb12u1~deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -228,10 +228,6 @@ shadow
   NOTE: 20250105: shadow is a high-profile package. Upstream discussion for CVE-2024-56433 is
   NOTE: 20250105: ongoing. I'm adding it to dla-needed.txt to keep it on our radar.
 --
-simgear (Tobias Quathamer)
-  NOTE: 20250129: Added by Front-Desk (pochu)
-  NOTE: 20250129: maintainer will upload a fixed package (pochu)
---
 snapcast
   NOTE: 20250118: Added by Front-Desk (rouca)
   NOTE: 20250119: Upstream just re-added a secured Stream.AddStream functionality to fix CVE-2023-36177, but hasn't released it yet (dleidert)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4562f8c4256dfcc3c8f7c7d520d7575afcd9f6d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4562f8c4256dfcc3c8f7c7d520d7575afcd9f6d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250129/af25756f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list