[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2021-41617/openssh as no-dsa for stretch

Thu, 04 Nov 2021 12:05:09 -0700 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8f39f03e by Utkarsh Gupta at 2021-11-05T00:34:46+05:30
Mark CVE-2021-41617/openssh as no-dsa for stretch

- - - - -
b4148c14 by Utkarsh Gupta at 2021-11-05T00:34:46+05:30
Drop openssh from dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6172,6 +6172,7 @@ CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 
8.8, when certain non-def
        - openssh <unfixed> (bug #995130)
        [bullseye] - openssh <no-dsa> (Minor issue)
        [buster] - openssh <no-dsa> (Minor issue)
+       [stretch] - openssh <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
        NOTE: 
https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
        NOTE: 
https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde


=====================================
data/dla-needed.txt
=====================================
@@ -79,15 +79,6 @@ nvidia-graphics-drivers
 openjdk-8 (Roberto C. Sánchez)
   NOTE: 20211101: coordinating with maribilos, waiting on upstream to finalize 
tags (roberto)
 --
-openssh (Utkarsh)
-  NOTE: 20211003: a backporting error for CVE-2018-15473 was reported in
-  NOTE: 20211003: Ubuntu (and can see the same code differences here);
-  NOTE: 20211003: check if that needs to be fixed; talking to -security.
-  NOTE: 20211003: also CVE-2021-41617 is new; might be a good idea to
-  NOTE: 20211003: club both these together. (utkarsh)
-  NOTE: 20211018: the regression doesn't happen for stretch; looking at
-  NOTE: 20211018: the other bit. (utkarsh)
---
 redis (Chris Lamb)
   NOTE: 20211004: Fixed in sid and experimental. (lamby)
   NOTE: 20211006: buster-pu filed in #995825. (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e0ab38847bbdcb837ccdfe6d6ba092c0bc4be03...b4148c14fc5731c4702c9cfacbe401e713779b72

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e0ab38847bbdcb837ccdfe6d6ba092c0bc4be03...b4148c14fc5731c4702c9cfacbe401e713779b72
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to