[Git][security-tracker-team/security-tracker][master] 4 commits: Mark CVE-2021-4156/libsndfile as no-dsa for stretch

Sun, 26 Dec 2021 12:32:56 -0800 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0be19354 by Utkarsh Gupta at 2021-12-27T02:02:01+05:30
Mark CVE-2021-4156/libsndfile as no-dsa for stretch

- - - - -
51652ffc by Utkarsh Gupta at 2021-12-27T02:02:01+05:30
Mark CVE-2021-4147/libvirt for stretch

- - - - -
eee03239 by Utkarsh Gupta at 2021-12-27T02:02:01+05:30
Add note for CVE-2021-45101/condor

- - - - -
8bb9e0bc by Utkarsh Gupta at 2021-12-27T02:02:18+05:30
Add apache2 to dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -518,6 +518,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in 
flac_buffer_copy]
        - libsndfile <unfixed>
        [bullseye] - libsndfile <no-dsa> (Minor issue)
        [buster] - libsndfile <no-dsa> (Minor issue)
+       [stretch] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/libsndfile/libsndfile/issues/731
        NOTE: 
https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc
 (1.1.0beta1)
 CVE-2021-4155
@@ -967,6 +968,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver]
        - libvirt <unfixed> (bug #1002535)
        [bullseye] - libvirt <no-dsa> (Minor issue)
        [buster] - libvirt <no-dsa> (Minor issue)
+       [stretch] - libvirt <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
        NOTE: 
https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
        NOTE: 
https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8


=====================================
data/dla-needed.txt
=====================================
@@ -18,8 +18,12 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+apache2
+--
 condor (Anton)
   NOTE: 20211216: full details embargoed
+  NOTE: 20211227: the fix is out and now available; cf:
+  NOTE: 20211227: https://github.com/htcondor/htcondor/commit/8b311dee. 
(utkarsh)
 --
 debian-archive-keyring
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f...8bb9e0bcdc8e9984f3712cb90a83617208f9a897

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b7ec1f90f11f80dda9fa0bed9887cec45b2ece1f...8bb9e0bcdc8e9984f3712cb90a83617208f9a897
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to