[Git][security-tracker-team/security-tracker][master] Reserve DLA-2987-1 for libarchive

Thorsten Alteholz (@alteholz) Sat, 30 Apr 2022 10:16:22 -0700


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5812b1d7 by Thorsten Alteholz at 2022-04-30T19:15:55+02:00
Reserve DLA-2987-1 for libarchive

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -173983,7 +173983,6 @@ CVE-2019-19222 (A Stored XSS issue in the D-Link 
DSL-2680 web administration int
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in 
archive_string ...)
        - libarchive 3.4.2-1 (bug #945287)
        [buster] - libarchive <no-dsa> (Minor issue)
-       [stretch] - libarchive <no-dsa> (Minor issue)
        [jessie] - libarchive <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
        NOTE: https://github.com/libarchive/libarchive/issues/1276


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Apr 2022] DLA-2987-1 libarchive - security update
+       {CVE-2019-19221 CVE-2021-23177 CVE-2021-31566}
+       [stretch] - libarchive 3.2.2-2+deb9u3
 [28 Apr 2022] DLA-2986-1 golang-1.8 - security update
        {CVE-2022-23772 CVE-2022-23806 CVE-2022-24921}
        [stretch] - golang-1.8 1.8.1-1+deb9u5


=====================================
data/dla-needed.txt
=====================================
@@ -77,9 +77,6 @@ kvmtool
   NOTE: 20220402: stretch-specific, orphaned package (Beuc)
   NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for 
acknowledgments/fixes (Beuc)
 --
-libarchive (Thorsten Alteholz)
-  NOTE: 20220423: still testing, some tests still fail
---
 liblouis (Andreas Rönnquist)
   NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
   NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5812b1d7debbdecbe714b955e937d5eb98a12934

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5812b1d7debbdecbe714b955e937d5eb98a12934
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2987-1 for libarchive

Reply via email to