[Git][security-tracker-team/security-tracker][master] dla: check bullseye 11.6 updates

Sylvain Beucler (@beuc) Thu, 05 Jan 2023 08:58:40 -0800


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f0c711cf by Sylvain Beucler at 2023-01-05T17:57:58+01:00
dla: check bullseye 11.6 updates

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -20326,7 +20326,6 @@ CVE-2022-3478
 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 
allows arbi ...)
        - powerline-gitstatus 1.3.2-1
        [bullseye] - powerline-gitstatus 1.3.2-0+deb11u1
-       [buster] - powerline-gitstatus <ignored> (Minor issue and solution 
require the user to reconfigure)
        NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
        NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
 CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's 
net/blu ...)


=====================================
data/dla-needed.txt
=====================================
@@ -45,6 +45,10 @@ curl (Roberto C. Sánchez)
   NOTE: 20230103: Sorted out issue with broken CVE fix in stable, working with 
secteam to land the fix (roberto)
   NOTE: 20230103: Packages ready for bullseye and buster, syncing ELTS 
releases (roberto)
 --
+dojo
+  NOTE: 20230105: Programming language: JavaScript.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 erlang
   NOTE: 20221119: Programming language: Erlang.
   NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request 
has been for Stretch)
@@ -103,6 +107,14 @@ kopanocore
 lava
   NOTE: 20221127: Programming language: Python.
 --
+lemonldap-ng
+  NOTE: 20230105: Programming language: Perl.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
+libapache2-mod-auth-mellon
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 libapreq2
   NOTE: 20221031: Programming language: C.
 --
@@ -129,6 +141,10 @@ libsdl2
 libstb
   NOTE: 20221111: Programming language: C.
 --
+libtasn1-6
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 libxstream-java
   NOTE: 20221231: Programming language: Java.
   NOTE: 20221231: VCS: 
https://salsa.debian.org/lts-team/packages/libxstream-java.git
@@ -175,6 +191,10 @@ node-got
   NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
   NOTE: 20221223: Module has been rewritten in Typescript since Buster 
released (lamby).
 --
+node-minimatch
+  NOTE: 20230105: Programming language: JavaScript.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 node-moment
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
@@ -189,6 +209,10 @@ node-object-path
   NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
   NOTE: 20221223: Functional part of CVE-2021-3805 might be 
https://gist.github.com/lamby/ebf0633837f16d174138bbf36bef38f3/raw (lamby)
 --
+node-qs
+  NOTE: 20230105: Programming language: JavaScript.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 node-url-parse
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues 
(Beuc/front-desk)
@@ -224,6 +248,10 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
+powerline-gitstatus
+  NOTE: 20230105: Programming language: Python.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 protobuf
   NOTE: 20221031: Programming language: Several.
   NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated 
code and must therefore get special attention from the application developer 
using protobuf.
@@ -342,6 +370,10 @@ xdg-utils
   NOTE: 20221120: Programming language: C.
   NOTE: 20221120: no real fix yet
 --
+xfig
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+--
 xrdp (Abhijith PA)
   NOTE: 20221225: Programming language: C.
   NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c711cf449c3a185a3d8d884d28181c92423b6e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0c711cf449c3a185a3d8d884d28181c92423b6e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] dla: check bullseye 11.6 updates

Reply via email to