Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
998b1e5e by Utkarsh Gupta at 2023-03-13T02:08:00+05:30
Add note for ruby-rails-html-sanitizer

- - - - -
4dacbb52 by Utkarsh Gupta at 2023-03-13T02:08:55+05:30
Reserve DLA-3359-1 for libapache2-mod-auth-mellon

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -127080,7 +127080,6 @@ CVE-2021-3640 (A flaw use-after-free in function 
sco_sock_sendmsg() of the Linux
 CVE-2021-3639 (A flaw was found in mod_auth_mellon where it does not sanitize 
logout  ...)
        - libapache2-mod-auth-mellon 0.18.0-1 (bug #991730)
        [bullseye] - libapache2-mod-auth-mellon 0.17.0-1+deb11u1
-       [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
        [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
        NOTE: 
https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
 CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an 
authenticati ...)
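Review bot: dropping the `[buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)` line for CVE-2021-3639 leaves no buster statement in this file, so buster's status for this CVE now rests entirely on the DLA-3359-1 entry in data/DLA/list. Check that the entry's CVE set includes CVE-2021-3639 and that its version, 0.14.2-1+deb10u1, is the one actually uploaded. The [stretch] <no-dsa> line is correctly left alone.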
@@ -270799,7 +270798,6 @@ CVE-2019-13039
        RESERVED
 CVE-2019-13038 (mod_auth_mellon through 0.14.2 has an Open Redirect via the 
login?Retu ...)
        - libapache2-mod-auth-mellon 0.15.0-1 (low; bug #931265)
-       [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
        [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
        [jessie] - libapache2-mod-auth-mellon <ignored> (Open Redirect 
protection not implemented yet)
        NOTE: 
https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885
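Review bot: for CVE-2019-13038 the only NOTE left after the `[buster]` removal is a link to an upstream issue comment, whereas the CVE-2021-3639 entry links the fixing commit. The description says versions through 0.14.2 are affected and the buster fix recorded in data/DLA/list is still a 0.14.2-based upload, so a NOTE pointing at the patch that was backported would let a reader verify what the DLA changed.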


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Mar 2023] DLA-3359-1 libapache2-mod-auth-mellon - security update
+       {CVE-2019-13038 CVE-2021-3639}
+       [buster] - libapache2-mod-auth-mellon 0.14.2-1+deb10u1
 [12 Mar 2023] DLA-3358-1 mpv - security update
        {CVE-2020-19824}
        [buster] - mpv 0.29.1-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -102,12 +102,6 @@ intel-microcode (tobi)
   NOTE: 20230310: will first fix unstable and stable, then proceed with LTS 
and ELTS, using the same new upstream version. (tobi)
   NOTE: 20230312: uploaded to DELAYED/5 for unstable.
 --
-libapache2-mod-auth-mellon (Utkarsh)
-  NOTE: 20230105: Programming language: C.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
-  NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/libapache2-mod-auth-mellon.git
-  NOTE: 20230220: upload prepped, testing remains. (utkarsh)
---
 libreoffice
   NOTE: 20221012: Programming language: C++.
   NOTE: 20230111: VCS: 
https://salsa.debian.org/lts-team/packages/libreoffice.git
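Review bot: the removed libapache2-mod-auth-mellon entry ends with `NOTE: 20230220: upload prepped, testing remains. (utkarsh)`, and nothing in this change records that the testing was completed. Stating the test outcome in the commit message would close that note rather than just delete it.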
@@ -263,6 +257,7 @@ ruby-loofah (Daniel Leidert)
 ruby-rails-html-sanitizer
   NOTE: 20221231: Programming language: Ruby.
   NOTE: 20221231: VCS: 
https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
+  NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with 
appropriate methods. (utkarsh)
 --
 ruby-sidekiq (Utkarsh)
   NOTE: 20221231: Programming language: Ruby.
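Review bot: the added NOTE says ruby-loofah must be fixed "with appropriate methods" but does not name the methods or the CVEs they block, and it is dated 20230303 while the commit is from 2023-03-13. Naming the missing ruby-loofah pieces and referring to the ruby-loofah entry just above would make the dependency actionable for whoever picks this package up, since the ruby-rails-html-sanitizer entry has no claimant.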



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23a9d48016bd0218a366177fd3cdd5051347ed17...4dacbb52b1761a042d3085dc122626e08b9288ca
