[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-9488,apache-log4j2: Remove no-dsa tag

Sun, 26 Dec 2021 12:27:31 -0800 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
240c08e9 by Markus Koschany at 2021-12-26T21:25:55+01:00
CVE-2020-9488,apache-log4j2: Remove no-dsa tag

- - - - -
b7ec1f90 by Markus Koschany at 2021-12-26T21:27:09+01:00
Reserve DLA-2852-1 for apache-log4j2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -125406,7 +125406,6 @@ CVE-2020-9489 (A carefully crafted or corrupt file 
may trigger a System.exit in
 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache 
Log4j  ...)
        - apache-log4j2 2.13.3-1 (bug #959450)
        [buster] - apache-log4j2 2.15.0-1~deb10u1
-       [stretch] - apache-log4j2 <no-dsa> (Minor issue; set 
mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
        [jessie] - apache-log4j2 <no-dsa> (Minor issue; set 
mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
        NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Dec 2021] DLA-2852-1 apache-log4j2 - security update
+       {CVE-2020-9488 CVE-2021-45105}
+       [stretch] - apache-log4j2 2.12.3-0+deb9u1
 [26 Dec 2021] DLA-2851-1 libextractor - security update
        {CVE-2019-15531}
        [stretch] - libextractor 1:1.3-4+deb9u4


=====================================
data/dla-needed.txt
=====================================
@@ -18,8 +18,6 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
-apache-log4j2 (Markus Koschany)
---
 condor (Anton)
   NOTE: 20211216: full details embargoed
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d2e052efcbe1f72829fa700ef33112100b2055c...b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d2e052efcbe1f72829fa700ef33112100b2055c...b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to