[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-39214, CVE-2021-39214 as ignored for stretch. Lot

Abhijith PA (@abhijith) Thu, 28 Apr 2022 00:03:51 -0700


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
64ce5505 by Abhijith PA at 2022-04-28T12:32:50+05:30
 Mark CVE-2021-39214, CVE-2021-39214 as ignored for stretch. Lot
 of code refactoring done in later versions making hard to backport.
 Partial fix can be done but not worth the effort.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14072,6 +14072,7 @@ CVE-2022-24766 (mitmproxy is an interactive, 
SSL/TLS-capable intercepting proxy.
        - mitmproxy <unfixed> (bug #1008948)
        [bullseye] - mitmproxy <no-dsa> (Minor issue)
        [buster] - mitmproxy <no-dsa> (Minor issue)
+       [stretch] - mitmproxy <ignored> (Minor issue, intrusive to backport)
        NOTE: 
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
        NOTE: 
https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b
 (v8.0.0)
 CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific 
patches.  ...)
@@ -45770,7 +45771,7 @@ CVE-2021-39214 (mitmproxy is an interactive, 
SSL/TLS-capable intercepting proxy.
        - mitmproxy <unfixed> (bug #994570)
        [bullseye] - mitmproxy <no-dsa> (Minor issue)
        [buster] - mitmproxy <no-dsa> (Minor issue)
-       [stretch] - mitmproxy <no-dsa> (Minor issue)
+       [stretch] - mitmproxy <ignored> (Minor issue, intrusive to backport)
        NOTE: 
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38
 CVE-2021-39213 (GLPI is a free Asset and IT management software package. 
Starting in v ...)
        - glpi <removed> (unimportant)


=====================================
data/dla-needed.txt
=====================================
@@ -112,8 +112,6 @@ mbedtls (Utkarsh)
   NOTE: 20220404: update prepared, needs testing. (utkarsh)
   NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh)
 --
-mitmproxy
---
 mruby
 --
 mutt (Utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64ce55053ebfc2eecc47d764ebc8e15976d4eca0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64ce55053ebfc2eecc47d764ebc8e15976d4eca0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-39214, CVE-2021-39214 as ignored for stretch. Lot

Reply via email to