Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3d0edc1 by Chris Lamb at 2023-04-12T09:14:31+01:00
Reserve DLA-3389-1 for lldpd
My previous reservation of DLA-3388-1 didn't successfully push to salsa, so
I
now need to clean up my collisions with DLA-3388-1 (keepalived). :/
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -113525,7 +113525,6 @@ CVE-2021-43612 [crash in SONMP decoder]
RESERVED
- lldpd 1.0.13-1
[bullseye] - lldpd 1.0.11-1+deb11u1
- [buster] - lldpd <no-dsa> (Minor issue)
[stretch] - lldpd <no-dsa> (Minor issue)
NOTE:
https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
(1.0.13)
CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such
as Linp ...)
@@ -187827,7 +187826,6 @@ CVE-2020-27828 (There's a flaw in jasper's jpc
encoder in versions prior to 2.0.
CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch.
Specially crafte ...)
{DSA-4836-1 DLA-2571-1}
- lldpd 1.0.8-1
- [buster] - lldpd <no-dsa> (Minor issue)
[stretch] - lldpd <no-dsa> (Minor issue)
- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-4 (bug #980132)
NOTE: https://github.com/openvswitch/ovs/pull/337
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Apr 2023] DLA-3389-1 lldpd - security update
+ {CVE-2020-27827 CVE-2021-43612}
+ [buster] - lldpd 1.0.3-1+deb10u1
[10 Apr 2023] DLA-3388-1 keepalived - security update
{CVE-2021-44225}
[buster] - keepalived 1:2.0.10-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -127,10 +127,6 @@ libapache2-mod-auth-openidc (Adrian Bunk)
linux (Ben Hutchings)
NOTE: 20230111: Programming language: C
--
-lldpd (Chris Lamb)
- NOTE: 20230408: Programming language: C.
- NOTE: 20230408: Sync with Debian 11.2 / bullseye (2 CVEs) (Beuc/front-desk)
---
man2html
NOTE: 20221004: Programming language: C.
NOTE: 20221004: It looks like not patch is available.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3d0edc1a9f6cff3c2129fa84b5c33372b5d2557
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3d0edc1a9f6cff3c2129fa84b5c33372b5d2557
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
