[Git][security-tracker-team/security-tracker][master] 5 commits: Claim xfce4-settings in dla-needed.txt

Thu, 24 Nov 2022 07:30:46 -0800 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
addbf000 by Markus Koschany at 2022-11-24T15:39:34+01:00
Claim xfce4-settings in dla-needed.txt

- - - - -
b9d72035 by Markus Koschany at 2022-11-24T16:27:34+01:00
Merge branch 'master' of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -
0baa7172 by Markus Koschany at 2022-11-24T16:27:58+01:00
Remove xfce4-settings from dla-needed.txt

The vulnerable code was introduced later.

- - - - -
0f514658 by Markus Koschany at 2022-11-24T16:29:07+01:00
CVE-2022-45062,xfce4-settings: buster is not affected

The vulnerable code was introduced later

- - - - -
bee1ef77 by Markus Koschany at 2022-11-24T16:30:12+01:00
Claim varnish in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2464,6 +2464,7 @@ CVE-2022-45063 (xterm before 375 allows code execution 
via font ops, e.g., becau
        NOTE: 238-1, mitigating the issue.
 CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, 
there i ...)
        - xfce4-settings 4.16.4-1 (bug #1023732)
+       [buster] - xfce4-settings <not-affected> (The vulnerable code was 
introduced later)
        NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 (not 
public)
        NOTE: 
https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
 (xfce4-settings-4.17.1)
        NOTE: 
https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
 (xfce4-settings-4.16.4)


=====================================
data/dla-needed.txt
=====================================
@@ -335,7 +335,7 @@ trafficserver
 twisted (Dominik George)
   NOTE: 20221030: Programming language: Python.
 --
-varnish
+varnish (Markus Koschany)
   NOTE: 20221109: Programming language: C.
   NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk)
 --
@@ -346,9 +346,6 @@ xdg-utils
   NOTE: 20221120: Programming language: C.
   NOTE: 20221120: no real fix yet
 --
-xfce4-settings
-  NOTE: 20221120: Programming language: C.
---
 zabbix
   NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be 
fixed in buster too.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0ef78ab72c85a8a6246ecf33e57e826ed4ccc8d...bee1ef770e87b60a0d46384076de7dec88bf8207

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0ef78ab72c85a8a6246ecf33e57e826ed4ccc8d...bee1ef770e87b60a0d46384076de7dec88bf8207
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to