[Git][security-tracker-team/security-tracker][master] Reserve DLA-4160-1 for libbson-xs-perl

Roberto C. Sánchez (@roberto) roberto at debian.org
Fri May 9 16:38:49 BST 2025 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac1c4e69 by Roberto C. Sánchez at 2025-05-09T11:38:33-04:00
Reserve DLA-4160-1 for libbson-xs-perl

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 May 2025] DLA-4160-1 libbson-xs-perl - security update
+	{CVE-2017-14227 CVE-2018-16790 CVE-2023-0437 CVE-2024-6381 CVE-2024-6383 CVE-2025-0755}
+	[bullseye] - libbson-xs-perl 0.8.4-1+deb11u1
 [09 May 2025] DLA-4159-1 postgresql-13 - security update
 	{CVE-2025-4207}
 	[bullseye] - postgresql-13 13.21-0+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -158,13 +158,6 @@ krb5 (rouca)
   NOTE: 20250422: Backporting knob allow_des3 and allow_rc4 variables in [libdefaults] may be suffisant (rouca)
   NOTE: 20250504: Bookworm PU on review (rouca)
 --
-libbson-xs-perl (roberto)
-  NOTE: 20250331: Added by Front-Desk (Beuc)
-  NOTE: 20250331: Cf. mongo-c-driver (provides libbson which libbson-xs-perl embeds) (Beuc/front-desk)
-  NOTE: 20250503: Backported patches for bookworm and bullseye to fix all open CVEs. (roberto)
-  NOTE: 20250503: Contacted maintainer on whether changes should go in team repo or not. (roberto)
-  NOTE: 20250504: submitted to bookworm-pu, https://bugs.debian.org/1104705 (roberto)
---
 libeconf (Chris Lamb)
   NOTE: 20250430: Added by Front-Desk (lamby)
   NOTE: 20250430: CVE-2023-22652 & CVE-2023-32181, two buffer overflows, are now fixed in bookworm via DSA or point release. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac1c4e693f7c4ff280d7b8810761bb8cae184b27

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac1c4e693f7c4ff280d7b8810761bb8cae184b27
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250509/ade09880/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list