Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67f9aaf9 by Sylvain Beucler at 2022-02-08T13:14:07+01:00
Ignore CVE-2022-21682 and CVE-2021-43860 for flatpak in stretch
following secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0
+ no LTS contributor claimed it since it was added

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -15258,6 +15258,7 @@ CVE-2022-21682 (Flatpak is a Linux application 
sandboxing and distribution frame
        {DSA-5049-1}
        - flatpak 1.12.3-1
        [buster] - flatpak <ignored> (Intrusive and risky to backport)
+       [stretch] - flatpak <ignored> (Intrusive and risky to backport)
        NOTE: 
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
        NOTE: 
https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
        NOTE: Documentation: 
https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
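
Review bot: the added `[stretch] - flatpak <ignored> (Intrusive and risky to backport)` line for CVE-2022-21682 carries no pointer to the analysis behind it. The commit message cites the secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0, but a reader of data/CVE/list sees only a parenthetical identical to the buster line. Consider stating in the entry that the stretch decision follows the buster one, so the rationale stays traceable from the file itself.
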
@@ -15596,6 +15597,7 @@ CVE-2021-43860 (Flatpak is a Linux application 
sandboxing and distribution frame
        {DSA-5049-1}
        - flatpak 1.12.3-1
        [buster] - flatpak <ignored> (Intrusive and risky to backport)
+       [stretch] - flatpak <ignored> (Intrusive and risky to backport)
        NOTE: 
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
        NOTE: 
https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
        NOTE: 
https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
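
Review bot: on the added [stretch] line for CVE-2021-43860, the parenthetical records only the backport-risk reason, while the commit message gives a second one (no LTS contributor claimed it since it was added). If the lack of a claimant weighed in the decision, record it in the entry or in a NOTE, so that a later contributor willing to attempt the backport can see that the tag was partly a resourcing decision.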


=====================================
data/dla-needed.txt
=====================================
@@ -42,9 +42,6 @@ firmware-nonfree (Markus Koschany)
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
   NOTE: 20211207: Intend to release this week.
 --
-flatpak
-  NOTE: 20220113: upcoming DSA; non-trivial backport (Beuc)
---
 gif2apng (Anton)
   NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate 
with Debian QA to write our own patches (Beuc)
   NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc)
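
Review bot: dropping the flatpak entry also drops `NOTE: 20220113: upcoming DSA; non-trivial backport (Beuc)`, the only text about this package visible in this part of dla-needed.txt, and nothing replaces it. That matches the two <ignored> tags added in data/CVE/list in the same commit, but the removal is only right if CVE-2022-21682 and CVE-2021-43860 are the only flatpak issues still open for stretch; please confirm that.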



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67f9aaf93d2371937c621db4be16651fd6ad7706
