[Git][security-tracker-team/security-tracker][master] 2 commits: Claim ini4j in dla-needed.txt

Markus Koschany (@apo) Sun, 27 Nov 2022 14:29:14 -0800


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
02490bd0 by Markus Koschany at 2022-11-27T23:27:51+01:00
Claim ini4j in dla-needed.txt

- - - - -
3f7f5edd by Markus Koschany at 2022-11-27T23:28:52+01:00
Reserve DLA-3208-1 for varnish

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -194003,7 +194003,6 @@ CVE-2020-11654
        RESERVED
 CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 
6.1.x and 6 ...)
        - varnish 6.4.0-1 (bug #956307)
-       [buster] - varnish <postponed> (Can be fixed along in next DSA)
        [stretch] - varnish <not-affected> (Only affects 6.x)
        [jessie] - varnish <not-affected> (Only affects 6.x)
        NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Nov 2022] DLA-3208-1 varnish - security update
+       {CVE-2020-11653 CVE-2022-45060}
+       [buster] - varnish 6.1.1-1+deb10u4
 [27 Nov 2022] DLA-3207-1 jackson-databind - security update
        {CVE-2020-36518 CVE-2022-42003 CVE-2022-42004}
        [buster] - jackson-databind 2.9.8-3+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -89,7 +89,7 @@ imagemagick (Roberto C. Sánchez)
   NOTE: 20220904: VCS: 
https://salsa.debian.org/lts-team/packages/imagemagick.git
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
-ini4j
+ini4j (Markus Koschany)
   NOTE: 20221012: Programming language: Java.
   NOTE: 20221012: Require investigation (lamby)
 --
@@ -331,10 +331,6 @@ trafficserver
 twisted (Dominik George)
   NOTE: 20221030: Programming language: Python.
 --
-varnish (Markus Koschany)
-  NOTE: 20221109: Programming language: C.
-  NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk)
---
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1af13e3376f0932c4781fd9a7241373b91e149e8...3f7f5edd18002d34426498de0b7eb14a7e3506da

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1af13e3376f0932c4781fd9a7241373b91e149e8...3f7f5edd18002d34426498de0b7eb14a7e3506da
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Claim ini4j in dla-needed.txt

Reply via email to