Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2ce13f64 by Sylvain Beucler at 2022-06-09T12:04:59+02:00
Reserve DLA-3049-1 for mailman
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -38177,13 +38177,12 @@ CVE-2021-4024 (A flaw was found in podman. The
`podman machine` function (used t
CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can
get a CSR ...)
- mailman <removed>
[buster] - mailman 1:2.1.29-1+deb10u4
- [stretch] - mailman <no-dsa> (Minor issue; can be fixed with the next
DLA)
NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt
- NOTE:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882 (2.1.38)
+ NOTE:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882 (2.1.38)
NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
NOTE: Regression fixed by:
https://launchpadlibrarian.net/573872803/patch.txt
- NOTE:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1884 (2.1.39)
+ NOTE:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1884 (2.1.39)
CVE-2021-44226 (Razer Synapse before 3.7.0228.022817 allows privilege
escalation becau ...)
NOT-FOR-US: Razer Synapse
CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the
Linux kerne ...)
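Review bot: The two NOTE lines for revisions 1882 and 1884 in the CVE-2021-44227 entry are removed and re-added with the same visible text, so this looks like a whitespace-only change bundled with the DLA reservation. Mention the whitespace cleanup in the commit message or move it to its own commit, so that dropping the `[stretch] - mailman <no-dsa>` line is the only functional change in this hunk.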
@@ -41935,7 +41934,6 @@ CVE-2021-43333 (The Datalogic DXU service on (for
example) DL-Axist devices does
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the
Cgi/admindb.py ad ...)
- mailman <removed> (bug #1000367)
[buster] - mailman 1:2.1.29-1+deb10u3
- [stretch] - mailman <no-dsa> (Minor issue)
NOTE:
https://mail.python.org/archives/list/[email protected]/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
NOTE:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1876 (2.1.36)
@@ -41943,7 +41941,6 @@ CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF
token for the Cgi/admindb
CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the
Cgi/options.py user ...)
- mailman <removed> (bug #1000367)
[buster] - mailman 1:2.1.29-1+deb10u3
- [stretch] - mailman <no-dsa> (Minor issue)
NOTE:
https://mail.python.org/archives/list/[email protected]/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
NOTE: https://bugs.launchpad.net/mailman/+bug/1949401
NOTE:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1875 (2.1.36)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Jun 2022] DLA-3049-1 mailman - security update
+ {CVE-2021-43331 CVE-2021-43332 CVE-2021-44227}
+ [stretch] - mailman 1:2.1.23-1+deb9u8
[09 Jun 2022] DLA-3048-1 python-bottle - security update
{CVE-2022-31799}
[stretch] - python-bottle 0.12.13-1+deb9u2
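Review bot: The new DLA-3049-1 entry lists CVE-2021-44227, whose data/CVE/list entry records a regression (bug 1954694) fixed upstream in revision 1884 (2.1.39), but nothing here shows whether 1:2.1.23-1+deb9u8 includes that regression fix. Confirm the stretch upload carries both the original patch and the regression patch, since the dla-needed note removed in this commit called for "regression fixes" as well as the 3 CVEs.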
=====================================
data/dla-needed.txt
=====================================
@@ -147,10 +147,6 @@ linux (Ben Hutchings)
linux-4.19 (Ben Hutchings)
NOTE: 20220529: Programming language: C.
--
-mailman (Sylvain Beucler)
- NOTE: 20220529: Programming language: C.
- NOTE: 20220523: Follow buster: harmonize with with Debian 10.12 (3 CVEs,
regression fixes) (Beuc/front-desk)
---
manila
NOTE: 20220529: Programming language: Python.
NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE)
(Beuc/front-desk)
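Review bot: The manila note kept as context still reads "harmonize with with Debian 10.4", the same doubled "with" as in the mailman note being removed; it is worth fixing in a follow-up while this file is being edited. The removal itself takes out the mailman entry together with its `--` separator, which keeps the remaining entries correctly delimited.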
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ce13f64bfce535510878f8a0b726df3206ddca0