Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: ceb08c6f by Chris Lamb at 2022-08-15T09:25:35-07:00 data/dla-needed.txt: Correct ordering - - - - - 056ee9ff by Chris Lamb at 2022-08-15T09:26:58-07:00 data/dla-needed.txt: Triage freecad for buster LTS (CVE-2021-45844 & CVE-2021-45845) - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -32,6 +32,10 @@ curl (Markus Koschany) epiphany-browser (Emilio) NOTE: 20220811: Programming language: C. -- +freecad + NOTE: 20220815: Programming language: Python. + NOTE: 20220815: Not all of the vulnerable os.system calls exist in the buster version. (lamby) +-- jetty9 (Markus Koschany) NOTE: 20220802: Programming language: Java. -- @@ -42,6 +46,8 @@ kopanocore (Andreas Rönnquist) NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- +linux (Ben Hutchings) +-- maven-shared-utils NOTE: 20220813: Programming language: Java NOTE: 20220813: VCS: https://salsa.debian.org/java-team/maven-shared-utils @@ -49,8 +55,6 @@ maven-shared-utils NOTE: 20220813: Special attention: Relatively high popcon NOTE: 20220813: Patch is relatively high. Please check, whether it can safely be applied (Anton) -- -linux (Ben Hutchings) --- mediawiki (Markus Koschany) NOTE: 20220810: Programming language: PHP. -- @@ -64,6 +68,16 @@ nodejs puma (Abhijith PA) NOTE: 20220801: Programming language: Ruby. -- +qemu (Abhijith PA) + NOTE: 20220802: Programming language: C. + NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and + NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm) + NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith) +-- +rsync (Stefano Rivera) + NOTE: 20220811: Programming language: C. + NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton) +-- salt NOTE: 20220814: Programming language: Python NOTE: 20220814: Packages is not in the supported packages by us. @@ -76,16 +90,6 @@ schroot (carnil) NOTE: 20220813: Maintainer notes: Maintainer prepares o-o-stable updates NOTE: 20220813: Debian security team will release DSA and DLA -- -rsync (Stefano Rivera) - NOTE: 20220811: Programming language: C. - NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton) --- -qemu (Abhijith PA) - NOTE: 20220802: Programming language: C. - NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and - NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm) - NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith) --- zlib (Emilio) NOTE: 20220813: Programming language: C NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f57cf0615ec39fed368e5870588405b736800cca...056ee9ff15773917d30fd1409bb8bef9de807e95 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f57cf0615ec39fed368e5870588405b736800cca...056ee9ff15773917d30fd1409bb8bef9de807e95 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
