Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
088ac34e by Markus Koschany at 2022-06-20T00:14:36+02:00
Remove no-dsa tags of cyrus-imapd/stretch
- - - - -
a3261ec2 by Markus Koschany at 2022-06-20T00:29:37+02:00
Reserve DLA-3052-1 cyrus-imapd
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -71561,7 +71561,6 @@ CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote
attackers to cause a denia
- cyrus-imapd 3.4.2-1 (bug #993433)
[bullseye] - cyrus-imapd 3.2.6-2+deb11u1
[buster] - cyrus-imapd 3.0.8-6+deb10u6
- [stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point
release)
- cyrus-imapd-2.4 <removed>
NOTE:
https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
NOTE:
https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e
(master)
@@ -186580,7 +186579,6 @@ CVE-2019-18929 (Western Digital My Cloud EX2 Ultra
firmware 2.31.183 allows web
CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows
privilege ...)
- cyrus-imapd 3.0.12-1
[buster] - cyrus-imapd 3.0.8-6+deb10u3
- [stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point
release)
NOTE:
https://github.com/cyrusimap/cyrus-imapd/commit/e675bf7b0e9c6e160516d274bffaec6f9dccaef7
(cyrus-imapd-3.0.12)
NOTE: Fixed in 3.0.12 and 2.5.14 upstream
CVE-2019-18927
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Jun 2022] DLA-3052-1 cyrus-imapd - security update
+ {CVE-2019-18928 CVE-2021-33582}
+ [stretch] - cyrus-imapd 2.5.10-3+deb9u3
[15 Jun 2022] DLA-3051-1 tzdata - new timezone database
[stretch] - tzdata 2021a-0+deb9u4
[10 Jun 2022] DLA-3050-1 vlc - security update
=====================================
data/dla-needed.txt
=====================================
@@ -52,10 +52,6 @@ curl (Emilio)
NOTE: 20220615: made some progress on the test regressions, some are due to
flaky tests apparently,
NOTE: 20220615: but at least one seems to be caused by one of the fixes
(pochu)
--
-cyrus-imapd (Markus Koschany)
- NOTE: 20220529: Programming language: C.
- NOTE: 20220523: Follow buster: harmonize with with DSA-4590-1 and Debian
10.11 (2 CVEs) (Beuc/front-desk)
---
exempi
NOTE: 20220529: Programming language: C++.
NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further
analysis
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d2d71dbc632f680f2ee92645fe40e0468923cc0...a3261ec2ad446d890223e6c115ed971f2a49d08a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d2d71dbc632f680f2ee92645fe40e0468923cc0...a3261ec2ad446d890223e6c115ed971f2a49d08a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
