Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11a105cb by Markus Koschany at 2021-12-11T20:06:16+01:00
Reserve DSA-5020-1 for apache-log4j2

- - - - -
2444300b by Markus Koschany at 2021-12-11T20:09:30+01:00
CVE-2020-9488,apache-log4j2: Remove no-dsa tag

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -122290,7 +122290,7 @@ CVE-2020-9489 (A carefully crafted or corrupt file 
may trigger a System.exit in
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache 
Log4j  ...)
        - apache-log4j2 2.13.3-1 (bug #959450)
-       [buster] - apache-log4j2 <no-dsa> (Minor issue)
+       [buster] - apache-log4j2 2.15.0-1~deb10u1
        [stretch] - apache-log4j2 <no-dsa> (Minor issue; set 
mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
        [jessie] - apache-log4j2 <no-dsa> (Minor issue; set 
mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
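
Review bot: The new [buster] line for CVE-2020-9488 does more than the commit subject "Remove no-dsa tag" says: it records a fixed version, 2.15.0-1~deb10u1. Consider a subject that states buster is now marked fixed in that version, so the log explains why the status changed. The [stretch] and [jessie] lines keep <no-dsa> along with the mail.smtp.ssl.checkserveridentity workaround text, which the removed buster line never carried; that looks intentional and needs no change.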


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[11 Dec 2021] DSA-5020-1 apache-log4j2 - security update
+       {CVE-2021-44228}
+       [buster] - apache-log4j2 2.15.0-1~deb10u1
+       [bullseye] - apache-log4j2 2.15.0-1~deb11u1
 [10 Dec 2021] DSA-5019-1 wireshark - security update
        {CVE-2021-22207 CVE-2021-22222 CVE-2021-22235 CVE-2021-39920 
CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 
CVE-2021-39926 CVE-2021-39928 CVE-2021-39929}
        [bullseye] - wireshark 3.4.10-0+deb11u1
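
Review bot: The CVE set on the new DSA-5020-1 entry, {CVE-2021-44228}, leaves out CVE-2020-9488, although the data/CVE/list hunk in this same push marks CVE-2020-9488 fixed in buster by the identical version 2.15.0-1~deb10u1. If that upload is what fixes it, add it to the braces, e.g. {CVE-2020-9488 CVE-2021-44228}, so the advisory and the CVE entry reference each other; if it is deliberately excluded, a NOTE on the CVE entry saying the fix arrived with the DSA-5020-1 upload would make that clear.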


=====================================
data/dsa-needed.txt
=====================================
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
---
-apache-log4j2 (Markus Koschany)
 --
 asterisk/oldstable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aeb82e2e0e8130bfc4ffffe6c8cc1add42b26b47...2444300b8424f5e7202edf440613a3c1bff5d0a3
