[Git][security-tracker-team/security-tracker][master] Reserve DLA-3202-1 for libarchive

Tue, 22 Nov 2022 06:39:41 -0800 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65152569 by Sylvain Beucler at 2022-11-22T15:39:06+01:00
Reserve DLA-3202-1 for libarchive

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -73415,7 +73415,6 @@ CVE-2021-31566 (An improper link resolution flaw can 
occur while extracting an a
        {DLA-2987-1}
        - libarchive 3.5.2-1 (bug #1001990)
        [bullseye] - libarchive 3.4.3-2+deb11u1
-       [buster] - libarchive <no-dsa> (Minor issue)
        NOTE: https://github.com/libarchive/libarchive/issues/1566
        NOTE: 
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
 (v3.5.2)
        NOTE: 
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
 (v3.5.2)
@@ -73423,7 +73422,6 @@ CVE-2021-23177 (An improper link resolution flaw while 
extracting an archive can
        {DLA-2987-1}
        - libarchive 3.5.2-1 (bug #1001986)
        [bullseye] - libarchive 3.4.3-2+deb11u1
-       [buster] - libarchive <no-dsa> (Minor issue)
        NOTE: https://github.com/libarchive/libarchive/issues/1565
        NOTE: 
https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
 (v3.5.2)
 CVE-2022-21943
@@ -221421,7 +221419,6 @@ CVE-2019-19222 (A Stored XSS issue in the D-Link 
DSL-2680 web administration int
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in 
archive_string ...)
        {DLA-2987-1}
        - libarchive 3.4.2-1 (bug #945287)
-       [buster] - libarchive <no-dsa> (Minor issue)
        [jessie] - libarchive <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
        NOTE: https://github.com/libarchive/libarchive/issues/1276


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Nov 2022] DLA-3202-1 libarchive - security update
+       {CVE-2019-19221 CVE-2021-23177 CVE-2021-31566}
+       [buster] - libarchive 3.3.3-4+deb10u2
 [22 Nov 2022] DLA-3201-1 ntfs-3g - security update
        {CVE-2022-40284}
        [buster] - ntfs-3g 1:2017.3.23AR.3-3+deb10u3


=====================================
data/dla-needed.txt
=====================================
@@ -122,10 +122,6 @@ krb5 (Chris Lamb)
 libapreq2
   NOTE: 20221031: Programming language: C.
 --
-libarchive (Sylvain Beucler)
-  NOTE: 20221111: Programming language: C.
-  NOTE: 20221111: Sync with jessie/stretch/bullseye-11.3 (Beuc/front-desk)
---
 libcommons-jxpath-java
   NOTE: 20221027: Programming language: Java.
   NOTE: 20221027: Maintainer notes: Wait for the outcome of upstream 
discussion. See CVE-2022-41852 for pull requests.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65152569c75cc7c40720ec04d273bee705fcc9d5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65152569c75cc7c40720ec04d273bee705fcc9d5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to