[Git][security-tracker-team/security-tracker][master] Reserve DLA-3435-1 for rainloop

Sat, 27 May 2023 15:37:42 -0700 


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dac54e4f by Guilhem Moulin at 2023-05-28T00:37:13+02:00
Reserve DLA-3435-1 for rainloop

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -282851,7 +282851,6 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division 
by zero at adx_write_traile
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
 CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms 
such as ...)
        - rainloop 1.14.0-1
-       [buster] - rainloop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
 CVE-2019-13388
        RESERVED


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 May 2023] DLA-3435-1 rainloop - security update
+       {CVE-2019-13389 CVE-2022-29360}
+       [buster] - rainloop 1.12.1-2+deb10u1
 [27 May 2023] DLA-3434-1 sysstat - security update
        {CVE-2023-33204}
        [buster] - sysstat 12.0.3-2+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -179,15 +179,6 @@ rails
   NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the 
possible path forward. (utkarsh)
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rails.git
 --
-rainloop (guilhem)
-  NOTE: 20220913: Programming language: PHP, JavaScript.
-  NOTE: 20220913: Special attention: orphaned as of 2022-09.
-  NOTE: 20220913: Upstream appeared dead but there was activity 2 weeks ago,
-  NOTE: 20220913: a "SnappyMail" fork exists and may have patches we can use,
-  NOTE: 20220913: also there's an unofficial one for CVE-2022-29360;
-  NOTE: 20220913: Evaluate the situation and decide whether we should support 
or EOL this package (Beuc/front-desk)
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rainloop.git
---
 ring (Thorsten Alteholz)
   NOTE: 20221120: Programming language: C++.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac54e4f76fec3f80e41e67fd4fbff45dda2b432

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac54e4f76fec3f80e41e67fd4fbff45dda2b432
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to