Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7613b81b by Markus Koschany at 2022-05-30T18:06:22+02:00
Remove no-dsa tags for haproxy/Stretch

- - - - -
eb8dd853 by Markus Koschany at 2022-05-30T18:10:30+02:00
Reserve DLA-3034-1 for haproxy

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -184834,7 +184834,6 @@ CVE-2019-18278 (When executing VideoLAN VLC media 
player 3.0.8 with libqt on Win
 CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, 
messages fea ...)
        - haproxy 2.0.6-1
        [buster] - haproxy 1.8.19-1+deb10u3
-       [stretch] - haproxy <no-dsa> (Minor issue)
        [jessie] - haproxy <no-dsa> (Minor issue)
        NOTE: 
https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
        NOTE: https://nathandavison.com/blog/haproxy-http-request-smuggling
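Review bot: Commit ordering around the removed `[stretch] - haproxy <no-dsa> (Minor issue)` line under CVE-2019-18277: 7613b81b drops the tag at 18:06 and eb8dd853 adds the DLA-3034-1 entry at 18:10, so at the intermediate commit stretch has neither a triage tag nor a fixed version for this CVE and is described only by the generic `- haproxy 2.0.6-1` line. Both commits arrived in one push, so the published state is consistent; consider making the tag removal and the DLA reservation a single commit so that every revision in history is self-consistent.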
@@ -233201,12 +233200,10 @@ CVE-2018-20104
        RESERVED
 CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In 
the cas ...)
        - haproxy 1.8.15-1 (bug #916307)
-       [stretch] - haproxy <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - haproxy <not-affected> (Vulnerable code not present)
        NOTE: 
http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25
 CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c 
was discov ...)
        - haproxy 1.8.15-1 (bug #916308)
-       [stretch] - haproxy <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - haproxy <not-affected> (Vulnerable code not present)
        NOTE: 
http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0
 CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 
1.12.1 f ...)
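Review bot: With the two `[stretch] - haproxy <no-dsa> (Minor issue; can be fixed via point release)` lines gone, the CVE-2018-20103 and CVE-2018-20102 entries carry no stretch line at all, so the stretch fix is recorded only through the brace list of DLA-3034-1 in data/DLA/list. Both IDs do appear there in this push; since a typo in either ID would leave that CVE with only the `- haproxy 1.8.15-1` line to describe stretch, re-check the IDs against these two entries before the advisory goes out. The `[jessie]` `<not-affected>` lines are correctly left alone.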


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 May 2022] DLA-3034-1 haproxy - security update
+       {CVE-2018-20102 CVE-2018-20103 CVE-2019-18277}
+       [stretch] - haproxy 1.7.5-2+deb9u1
 [29 May 2022] DLA-3033-1 smarty3 - security update
        {CVE-2022-29221}
        [stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6
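Review bot: The new entry already records `[stretch] - haproxy 1.7.5-2+deb9u1` although the commit message says the DLA is only being reserved. The three IDs in the brace list match the three `<no-dsa>` removals in data/CVE/list, which is right; please confirm the version string equals the one in the actual upload, because after this push it is the only stretch version on record for all three CVEs.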


=====================================
data/dla-needed.txt
=====================================
@@ -108,10 +108,6 @@ grunt
 halibut (Anton)
   NOTE: 20220528: Programming language: C.
 --
-haproxy (Markus Koschany)
-  NOTE: 20220529: Programming language: C.
-  NOTE: 20220523: Follow buster: harmonize with with Debian 10.0 and 10.6 (3 
CVEs) (Beuc/front-desk)
---
 horizon
   NOTE: 20220529: Programming language: Python.
   NOTE: 20220523: Follow buster: harmonize with with DSA-4820-1 (1 CVE) 
(Beuc/front-desk)
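Review bot: Separator handling in the removed haproxy block: the deletion takes the entry plus exactly one `--` line, leaving a single `--` between halibut and horizon, so the file's entry format stays intact. The removed note's "3 CVEs" agrees with the three IDs listed for DLA-3034-1 in data/DLA/list, so nothing is left pending for haproxy and no change is needed here.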



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c3ccadfb594a1aaac3d2d371be7eb8287f7a7bb6...eb8dd853c952fe7deda8e075c35486e5401e68ee
