[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-28100,CVE-2023-28101/flatpak: reference patches

Tue, 20 Jun 2023 09:14:59 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
07f19f44 by Sylvain Beucler at 2023-06-20T18:13:02+02:00
CVE-2023-28100,CVE-2023-28101/flatpak: reference patches

- - - - -
d686a698 by Sylvain Beucler at 2023-06-20T18:14:28+02:00
dla: add flatpak

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14551,11 +14551,18 @@ CVE-2023-28101 (Flatpak is a system for building, 
distributing, and running sand
        [bullseye] - flatpak 1.10.8-0+deb11u1
        [buster] - flatpak <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
+       NOTE: 
https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869
 (1.15.4)
+       NOTE: 
https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c
 (1.15.4)
+       NOTE: 
https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c
 (1.15.4)
+       NOTE: 
https://github.com/flatpak/flatpak/commit/acd627a2fabe9856947399044dbf7aa79247c75b
 (1.10.8)
+       NOTE: 
https://github.com/flatpak/flatpak/commit/e88eedce76f79a5573df4fc38b344bbeaf7af024
 (1.10.8)
 CVE-2023-28100 (Flatpak is a system for building, distributing, and running 
sandboxed  ...)
        - flatpak 1.14.4-1 (bug #1033099)
        [bullseye] - flatpak 1.10.8-0+deb11u1
        [buster] - flatpak <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
+       NOTE: 
https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9
 (1.15.4)
+       NOTE: 
https://github.com/flatpak/flatpak/commit/a9bf18040cc075a70657c6090a59d7f6fe78f893
 (1.10.8)
 CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server 
implementation. ...)
        NOT-FOR-US: OpenSIPS
 CVE-2023-28098 (OpenSIPS is a Session Initiation Protocol (SIP) server 
implementation. ...)


=====================================
data/dla-needed.txt
=====================================
@@ -58,6 +58,10 @@ erlang (Markus Koschany)
   NOTE: 20221119: Added by Front-Desk (ta)
   NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request 
has been for Stretch)
 --
+flatpak
+  NOTE: 20230620: Added by Front-Desk (Beuc)
+  NOTE: 20230620: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+--
 fusiondirectory (Abhijith PA)
   NOTE: 20221203: Added by Front-Desk (gladk)
   NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ac21a6809e0afba43fc939c07fe7843c088794...d686a6983f6d7b2fc100ed8551d3dc6fc3f95acc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ac21a6809e0afba43fc939c07fe7843c088794...d686a6983f6d7b2fc100ed8551d3dc6fc3f95acc
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to