[Git][security-tracker-team/security-tracker][master] 2 commits: lts: CVE-2024-33655/unbound ignored on bullseye
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Fri Jan 31 16:26:33 GMT 2025
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54739391 by Emilio Pozuelo Monfort at 2025-01-31T17:25:05+01:00
lts: CVE-2024-33655/unbound ignored on bullseye
- - - - -
37baa6f5 by Emilio Pozuelo Monfort at 2025-01-31T17:25:05+01:00
lts: remove unbound entry, no open issues
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -74837,7 +74837,7 @@ CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is vulne
CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote attackers to ca ...)
- unbound 1.20.0-1
[bookworm] - unbound <ignored> (Minor issue, too intrusive to backport)
- [bullseye] - unbound <no-dsa> (Minor issue)
+ [bullseye] - unbound <ignored> (Minor issue, too intrusive to backport)
[buster] - unbound <ignored> (Not affected by DoS, intrusive changes)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de (release-1.20.0rc1)
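Review bot: on the changed [bullseye] line, the reason text is copied from the bookworm entry, while the buster entry directly below gives a different rationale ("Not affected by DoS, intrusive changes"), so the entry does not record which assessment was actually made for the bullseye version. Since <ignored> marks the issue as not going to be fixed in that release, where <no-dsa> still left room for a later update, it would help to add a NOTE line under this CVE stating why the upstream fix (c3206f45...) is too intrusive to backport to bullseye, or to reference the discussion where that was decided.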
=====================================
data/dla-needed.txt
=====================================
@@ -275,15 +275,6 @@ twitter-bootstrap3
NOTE: 20241110: Added by Front-Desk (apo)
NOTE: 20241119: Supportability discussion https://lists.debian.org/debian-lts/2024/11/msg00030.html (Beuc/front-desk)
--
-unbound
- NOTE: 20240825: Added by Front-Desk (ta)
- NOTE: 20240929: The patch for CVE-2024-33655 was considered too intrusive for Buster. (dleidert)
- NOTE: 20240929: It seems reasonable that in that case that is true for Bullseye as well. (dleidert)
- NOTE: 20241206: There is no DLA to prepare for this package, rather CVE noted above must be assessed and a final disposition applied for bullseye (roberto)
- NOTE: 20241206: A stable update is also needed, https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/164
- NOTE: 20241229: Maintainer of unbound has prepared upload to Bookworm for CVE-2024-8508: (dleidert)
- NOTE: 20241229: https://salsa.debian.org/dns-team/unbound/-/commit/0764b34ac1488a85cbfee5dfc3735448117aaaf9 (dleidert)
---
vim (Sean Whitton)
NOTE: 20250114: Added by Front-Desk (rouca)
NOTE: 20250129: Fixes for first 29 outstanding CVEs backported in
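Review bot: the removed unbound block contains two notes that are not about CVE-2024-33655: the 20241206 line stating "A stable update is also needed" (lts-updates-tasks issue 164) and the 20241229 lines about a Bookworm upload for CVE-2024-8508. The commit message says "no open issues", but nothing in the visible hunks shows that either item was completed or assessed for bullseye. Please confirm the status of issue 164 and of CVE-2024-8508 before dropping the entry, or say in the commit message where they are tracked. Note also that the 20240929 rationale from dleidert now survives only in the file history, so the data/CVE/list entry is the place to preserve it.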
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e54567a5c7eed070e4b377457b44125a3257818...37baa6f5ab58aef670fdaced952f1e805e48b66b