[Git][security-tracker-team/security-tracker][master] lts: triage CVE-2022-4055/xdg-utils as no-dsa for buster

[Emilio Pozuelo Monfort (@pochu)]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7403df6 by Emilio Pozuelo Monfort at 2023-02-02T11:03:07+01:00
lts: triage CVE-2022-4055/xdg-utils as no-dsa for buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17246,6 +17246,7 @@ CVE-2022-4056
 CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, 
improp ...)
        - xdg-utils <unfixed> (bug #1027160)
        [bullseye] - xdg-utils <no-dsa> (Minor issue)
+       [buster] - xdg-utils <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
        NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
 CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions 
starting ...)


=====================================
data/dla-needed.txt
=====================================
@@ -301,12 +301,6 @@ wireshark
   NOTE: 20230123: Programming language: C.
   NOTE: 20230123: 7 new CVEs + 3 postponed ones. Would be good to not let them 
pile up like last time. (utkarsh).
 --
-xdg-utils
-  NOTE: 20221120: Programming language: C.
-  NOTE: 20221120: no real fix yet
-  NOTE: 20230111: VCS: https://salsa.debian.org/freedesktop-team/xdg-utils
-  NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their 
VCS can be used
---
 xfig (gladk)
   NOTE: 20230105: Programming language: C.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7403df6090d5e272270c43216be8cff20066d42

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7403df6090d5e272270c43216be8cff20066d42
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits