Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
435588ce by Salvatore Bonaccorso at 2022-12-27T14:58:21+01:00
Reserve DSA number for gerbv update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -98626,7 +98626,6 @@ CVE-2021-40404 (An authentication bypass vulnerability
exists in the cgiserver.c
CVE-2021-40403 (An information disclosure vulnerability exists in the
pick-and-place r ...)
{DLA-3210-1}
- gerbv 2.9.2-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
NOTE: https://github.com/gerbv/gerbv/issues/82
NOTE: Fixed by:
https://github.com/gerbv/gerbv/commit/c32c6f9c0b5d3b0ecc33de21d8532de6c2df5878
(v2.9.1-rc.1)
@@ -98660,7 +98659,6 @@ CVE-2021-40395
REJECTED
CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X
aperture ma ...)
- gerbv 2.8.1-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
[buster] - gerbv <no-dsa> (Minor issue)
[stretch] - gerbv <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405
@@ -98668,7 +98666,6 @@ CVE-2021-40394 (An out-of-bounds write vulnerability
exists in the RS-274X apert
NOTE:
https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f
(v2.8.1-rc.1)
CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X
aperture ma ...)
- gerbv 2.8.2-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
[buster] - gerbv <no-dsa> (Minor issue)
[stretch] - gerbv <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Dec 2022] DSA-5306-1 gerbv - security update
+ {CVE-2021-40393 CVE-2021-40394 CVE-2021-40401 CVE-2021-40403}
+ [bullseye] - gerbv 2.7.0-2+deb11u2
[21 Dec 2022] DSA-5305-1 libksba - security update
{CVE-2022-47629}
[bullseye] - libksba 1.5.0-3+deb11u2
=====================================
data/dsa-needed.txt
=====================================
@@ -17,9 +17,6 @@ curl
--
frr
--
-gerbv (carnil)
- Aron proposed debdiff for review
---
lava
--
linux (carnil)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/435588ce023492b08926739fcc7930819f28d616
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/435588ce023492b08926739fcc7930819f28d616
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
