Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ac8fd8a by Sylvain Beucler at 2022-01-17T18:57:12+01:00
Reserve DLA-2886-1 for slurm-llnl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -85074,7 +85074,6 @@ CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 
20.02.6 has an RPC Buffer O
        {DSA-4841-1}
        - slurm-wlm <not-affected> (Fixed with first upload to Debian with 
renamed source package)
        - slurm-llnl <removed> (bug #974721)
-       [stretch] - slurm-llnl <no-dsa> (Minor issue)
        NOTE: https://www.schedmd.com/news.php?id=240
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
        NOTE: 
https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81
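Review bot: The cross-reference line `{DSA-4841-1}` for CVE-2020-27745 stays as it is while the `[stretch] - slurm-llnl <no-dsa> (Minor issue)` line is dropped, so within this hunk nothing ties the entry to DLA-2886-1 and, with slurm-llnl marked `<removed>`, no stretch status remains on it. If the `{...}` line is not regenerated from data/DLA/list by a later automated step, add DLA-2886-1 here. The same applies to the CVE-2020-12693 hunk that follows.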
@@ -120686,7 +120685,6 @@ CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 
20.02.x before 20.02.3, in the
        {DSA-4841-1}
        - slurm-wlm <not-affected> (Fixed with first upload to Debian with 
renamed source package)
        - slurm-llnl <removed> (bug #961406)
-       [stretch] - slurm-llnl <no-dsa> (Minor issue)
        [jessie] - slurm-llnl <not-affected> (Message Aggregation added in 
14.11)
        NOTE: https://www.schedmd.com/news.php?id=236
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
@@ -175597,7 +175595,6 @@ CVE-2013-7472 (The "Count per Day" plugin before 
3.2.6 for WordPress allows XSS
 CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 
allows SQL ...)
        {DSA-4572-1 DLA-2143-1}
        - slurm-llnl 19.05.3.2-1 (bug #931880)
-       [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
        NOTE: 
https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
 CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows 
remote attack ...)
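Review bot: Removing `[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)` for CVE-2019-12838 reverses an earlier triage decision, and neither this hunk nor the commit message records why the backport is now considered acceptable for stretch. A short NOTE on the entry, or a sentence in the commit message, would keep that rationale once the dla-needed.txt notes are deleted.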


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Jan 2022] DLA-2886-1 slurm-llnl - security update
+       {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215}
+       [stretch] - slurm-llnl 16.05.9-1+deb9u5
 [17 Jan 2022] DLA-2885-1 qtsvg-opensource-src - security update
        {CVE-2021-3481 CVE-2021-45930}
        [stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1+deb9u1
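Review bot: CVE-2021-31215 appears in the `{...}` list of the new DLA-2886-1 entry, but no hunk in data/CVE/list touches that CVE, unlike the other three. Confirm that its entry carries no stale `[stretch]` annotation that should be dropped with this reservation, given that the dla-needed.txt note removed in this commit says its triage was still awaiting clarification.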


=====================================
data/dla-needed.txt
=====================================
@@ -119,14 +119,6 @@ samba (Utkarsh Gupta)
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload
   NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
 --
-slurm-llnl (Sylvain Beucler)
-  NOTE: 20211229: CVE-2019-12838 is marked "Too intrusive to backport" but was
-  NOTE: 20211229: backported to jessie in DLA-2143-1.
-  NOTE: 20211229: If CVE-2019-12838 gets fixed, then the 4 other "no DSA" CVEs
-  NOTE: 20211229: should also be checked. (bunk)
-  NOTE: 20220107: backporting patches (Beuc)
-  NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage
---
 vim (Emilio)
 --
 zabbix
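Review bot: The removed note dated 20211229 says "the 4 other "no DSA" CVEs should also be checked", while DLA-2886-1 lists only three CVEs besides CVE-2019-12838. Before dropping the slurm-llnl block, confirm that the remaining CVE was triaged and that the outcome is recorded in data/CVE/list, since deleting these notes removes the reminder for that follow-up.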



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ac8fd8a29d083404da0eb8f448492c433535eb6
