Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
16e67227 by Ola Lundqvist at 2022-09-06T23:35:57+02:00
Marked CVE-2021-30130 as not affected in buster for php-phpseclib and phpseclib.
- - - - -
c6a9d207 by Ola Lundqvist at 2022-09-06T23:38:54+02:00
Marked CVE-2021-32740 for ruby-addressable as no-dsa in buster with motivation
minor issue. This follows the decision made earlier for stretch. For bullseye
it was fixed but since the issue was considered minor for stretch there is no
reason why a backport should be made in buster.
- - - - -
12737123 by Ola Lundqvist at 2022-09-06T23:43:03+02:00
Added trafficserver to dla-needed following decision for bullseye.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -90751,6 +90751,7 @@ CVE-2021-32741 (Nextcloud Server is a Nextcloud package
that handles data storag
- nextcloud-server <itp> (bug #941708)
CVE-2021-32740 (Addressable is an alternative implementation to the URI
implementation ...)
- ruby-addressable 2.7.0-2 (bug #990791)
+ [buster] - ruby-addressable <no-dsa> (Minor issue)
[stretch] - ruby-addressable <no-dsa> (Minor issue)
NOTE:
https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
NOTE:
https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
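Review bot: The added [buster] line for ruby-addressable gives only "(Minor issue)" as its reason, so the rationale from the commit message (same decision as stretch, no backport planned for buster) is not visible to anyone reading data/CVE/list alone. The entry does stay consistent with the existing [stretch] line directly below it. If the advisory linked in the NOTE supports the minor rating, a short reason that says why it is minor, or a NOTE line to that effect, would make the triage decision checkable from the entry itself.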
@@ -97894,8 +97895,10 @@ CVE-2021-30131
RESERVED
CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA
PKCS#1 v1. ...)
- phpseclib 1.0.19-3
+ [buster] - phpseclib <not-affected> (Only affects 3.x branch)
[stretch] - phpseclib <not-affected> (Only affects 3.x branch)
- php-phpseclib 2.0.30-2
+ [buster] - php-phpseclib <not-affected> (Only affects 3.x branch)
[stretch] - php-phpseclib <not-affected> (Only affects 3.x branch)
- php-phpseclib3 3.0.7-1
NOTE:
https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
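Review bot: The reason "(Only affects 3.x branch)" on the two added [buster] lines sits next to a CVE description that reads "phpseclib before 2.0.31 and 3.x before 3.0.7", and the php-phpseclib entry records 2.0.30-2 as its version, which is before 2.0.31. The only support for the not-affected claim in the entry is the pull-request comment in the NOTE, so it is worth confirming that the comment covers the 1.0 and 2.0 branches and adding a NOTE that says so explicitly. The hunk also does not show which phpseclib and php-phpseclib versions buster ships, so the claim that both are outside the 3.x branch should be checked against the buster package versions before it is copied from the [stretch] lines.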
=====================================
data/dla-needed.txt
=====================================
@@ -133,6 +133,9 @@ sqlite3
thunderbird
NOTE: 20220904: Programming language: C++.
--
+trafficserver
+ NOTE: 20220905: Programming language: C
+--
unzip
NOTE: 20220904: Programming language: C.
--
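Review bot: The added NOTE for trafficserver ends with "Programming language: C" and has no trailing period, while the neighbouring entries use "Programming language: C++." and "Programming language: C." with one. Adding the period keeps the file consistent for anyone parsing or grepping these notes. The new entry is placed correctly between thunderbird and unzip and is terminated with the "--" separator.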
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/027eab42daeb5a6960d7fa6cf9cdbc55c0735276...12737123bebbbb5418693cca11ba91d2ecb59d32
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits