Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits: 998b1e5e by Utkarsh Gupta at 2023-03-13T02:08:00+05:30 Add note for ruby-rails-html-sanitizer - - - - - 4dacbb52 by Utkarsh Gupta at 2023-03-13T02:08:55+05:30 Reserve DLA-3359-1 for libapache2-mod-auth-mellon - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -127080,7 +127080,6 @@ CVE-2021-3640 (A flaw use-after-free in function sco_sock_sendmsg() of the Linux CVE-2021-3639 (A flaw was found in mod_auth_mellon where it does not sanitize logout ...) - libapache2-mod-auth-mellon 0.18.0-1 (bug #991730) [bullseye] - libapache2-mod-auth-mellon 0.17.0-1+deb11u1 - [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...) @@ -270799,7 +270798,6 @@ CVE-2019-13039 RESERVED CVE-2019-13038 (mod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...) - libapache2-mod-auth-mellon 0.15.0-1 (low; bug #931265) - [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) [jessie] - libapache2-mod-auth-mellon <ignored> (Open Redirect protection not implemented yet) NOTE: https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[13 Mar 2023] DLA-3359-1 libapache2-mod-auth-mellon - security update + {CVE-2019-13038 CVE-2021-3639} + [buster] - libapache2-mod-auth-mellon 0.14.2-1+deb10u1 [12 Mar 2023] DLA-3358-1 mpv - security update {CVE-2020-19824} [buster] - mpv 0.29.1-1+deb10u1 ===================================== data/dla-needed.txt ===================================== 
@@ -102,12 +102,6 @@ intel-microcode (tobi) NOTE: 20230310: will first fix unstable and stable, then proceed with LTS and ELTS, using the same new upstream version. (tobi) NOTE: 20230312: uploaded to DELAYED/5 for unstable. -- -libapache2-mod-auth-mellon (Utkarsh) - NOTE: 20230105: Programming language: C. - NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) - NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/libapache2-mod-auth-mellon.git - NOTE: 20230220: upload prepped, testing remains. (utkarsh) --- libreoffice NOTE: 20221012: Programming language: C++. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git @@ -263,6 +257,7 @@ ruby-loofah (Daniel Leidert) ruby-rails-html-sanitizer NOTE: 20221231: Programming language: Ruby. NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git + NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with appropriate methods. (utkarsh) -- ruby-sidekiq (Utkarsh) NOTE: 20221231: Programming language: Ruby.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23a9d48016bd0218a366177fd3cdd5051347ed17...4dacbb52b1761a042d3085dc122626e08b9288ca
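Review bot: In the data/CVE/list hunk at @@ -127080,7 +127080,6 @@, CVE-2021-3639 loses its [buster] line without gaining a fixed-version line, so within this file buster has no recorded status for the CVE while bullseye and stretch still do. The version 0.14.2-1+deb10u1 appears only in data/DLA/list; if no later step copies it into data/CVE/list, add `[buster] - libapache2-mod-auth-mellon 0.14.2-1+deb10u1` here in place of the removed `<no-dsa>` line.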
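Review bot: In the data/CVE/list hunk at @@ -270799,7 +270798,6 @@, the only NOTE left for CVE-2019-13038 links an upstream issue comment rather than a fixing commit, while the description says the flaw affects mod_auth_mellon through 0.14.2 and buster is being fixed at 0.14.2-1+deb10u1, which implies a backported patch. A NOTE naming the upstream commit that was backported, like the one CVE-2021-3639 carries, would let the next reader verify the buster fix against upstream.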
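Review bot: In data/dla-needed.txt at @@ -102,12 +102,6 @@, the last status on the removed libapache2-mod-auth-mellon entry is `NOTE: 20230220: upload prepped, testing remains. (utkarsh)`, and the commit message ("Reserve DLA-3359-1 for libapache2-mod-auth-mellon") does not record that the testing was finished or that the upload was made. State that in the commit message, or keep the entry until the upload is done, so the removal is not the only trace of the work being complete.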
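Review bot: In data/dla-needed.txt at @@ -263,6 +257,7 @@, the added NOTE does not say which ruby-loofah methods or which ruby-loofah version ruby-rails-html-sanitizer is waiting for, so nobody else can tell when the block is lifted; name them or point at the ruby-loofah entry directly above. The note is also dated 20230303 while the commit is dated 2023-03-13, so check that the date is the intended one.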