Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: f0c711cf by Sylvain Beucler at 2023-01-05T17:57:58+01:00 dla: check bullseye 11.6 updates - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -20326,7 +20326,6 @@ CVE-2022-3478 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...) - powerline-gitstatus 1.3.2-1 [bullseye] - powerline-gitstatus 1.3.2-0+deb11u1 - [buster] - powerline-gitstatus <ignored> (Minor issue and solution require the user to reconfigure) NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45 NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46 CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...) ===================================== data/dla-needed.txt ===================================== @@ -45,6 +45,10 @@ curl (Roberto C. Sánchez) NOTE: 20230103: Sorted out issue with broken CVE fix in stable, working with secteam to land the fix (roberto) NOTE: 20230103: Packages ready for bullseye and buster, syncing ELTS releases (roberto) -- +dojo + NOTE: 20230105: Programming language: JavaScript. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- erlang NOTE: 20221119: Programming language: Erlang. NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch) @@ -103,6 +107,14 @@ kopanocore lava NOTE: 20221127: Programming language: Python. -- +lemonldap-ng + NOTE: 20230105: Programming language: Perl. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- +libapache2-mod-auth-mellon + NOTE: 20230105: Programming language: C. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- libapreq2 NOTE: 20221031: Programming language: C. -- @@ -129,6 +141,10 @@ libsdl2 libstb NOTE: 20221111: Programming language: C. -- +libtasn1-6 + NOTE: 20230105: Programming language: C. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- libxstream-java NOTE: 20221231: Programming language: Java. NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/libxstream-java.git @@ -175,6 +191,10 @@ node-got NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk) NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby). -- +node-minimatch + NOTE: 20230105: Programming language: JavaScript. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- node-moment NOTE: 20221111: Programming language: JavaScript. NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk) @@ -189,6 +209,10 @@ node-object-path NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk) NOTE: 20221223: Functional part of CVE-2021-3805 might be https://gist.github.com/lamby/ebf0633837f16d174138bbf36bef38f3/raw (lamby) -- +node-qs + NOTE: 20230105: Programming language: JavaScript. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- node-url-parse NOTE: 20221111: Programming language: JavaScript. NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues (Beuc/front-desk) @@ -224,6 +248,10 @@ pluxml NOTE: 20220913: Programming language: PHP. NOTE: 20220913: Special attention: orphaned package. -- +powerline-gitstatus + NOTE: 20230105: Programming language: Python. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- protobuf NOTE: 20221031: Programming language: Several. NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf. @@ -342,6 +370,10 @@ xdg-utils NOTE: 20221120: Programming language: C. NOTE: 20221120: no real fix yet -- +xfig + NOTE: 20230105: Programming language: C. + NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) +-- xrdp (Abhijith PA) NOTE: 20221225: Programming language: C. NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c711cf449c3a185a3d8d884d28181c92423b6e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c711cf449c3a185a3d8d884d28181c92423b6e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits