Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f4a5bb5 by Salvatore Bonaccorso at 2023-09-11T21:45:44+02:00
Detangle non-common set of CVE fixes for bullseye and bookworm for DSA-5495-1

CVE-2022-36440, CVE-2022-40302, CVE-2022-40318, CVE-2022-43681 only
needed a fix in bullseye and were already fixed in bookworm. To keep the
denotation of the first version hitting the archive with the fix in the
respective suite apply our workaround and detangle the common set by
removing the listing in the DSA list and explicitly track the suite fix
in CVE list.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61031,8 +61031,8 @@ CVE-2022-43683
 CVE-2022-43682
        RESERVED
 CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting 
FRR throug ...)
-       {DSA-5495-1}
        - frr 8.4.1-1 (bug #1035829)
+       [bullseye] - frr 7.5.1-1.1+deb11u2
        [buster] - frr <no-dsa> (Minor issue)
        NOTE: https://github.com/FRRouting/frr/issues/13427
        NOTE: https://github.com/FRRouting/frr/issues/13480
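
Review bot: with the "{DSA-5495-1}" line removed, the added "[bullseye] - frr 7.5.1-1.1+deb11u2" line for CVE-2022-43681 no longer says which advisory delivered that version; the only remaining link is the identical version string in data/DSA/list. Consider a NOTE line in the entry stating that the bullseye fix shipped with DSA-5495-1, so the relation survives for readers who never see the commit message. The same applies to the CVE-2022-40318, CVE-2022-40302 and CVE-2022-36440 hunks.
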
@@ -70371,8 +70371,8 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in 
libConfuse 3.3 has a heap-based
 CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to 
conduct Insec ...)
        NOT-FOR-US: LISTSERV
 CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 
8.4. By cra ...)
-       {DSA-5495-1}
        - frr 8.4.1-1 (bug #1035829)
+       [bullseye] - frr 7.5.1-1.1+deb11u2
        [buster] - frr <no-dsa> (Minor issue)
        NOTE: https://github.com/FRRouting/frr/issues/13427
        NOTE: https://github.com/FRRouting/frr/issues/13480
@@ -70439,8 +70439,8 @@ CVE-2022-40303 (An issue was discovered in libxml2 
before 2.10.3. When parsing a
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
 (v2.10.3)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
 CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 
8.4. By cra ...)
-       {DSA-5495-1}
        - frr 8.4.1-1 (bug #1035829)
+       [bullseye] - frr 7.5.1-1.1+deb11u2
        [buster] - frr <no-dsa> (Minor issue)
        NOTE: https://github.com/FRRouting/frr/issues/13427
        NOTE: https://github.com/FRRouting/frr/issues/13480
@@ -80886,8 +80886,8 @@ CVE-2022-36442 (An issue was discovered in Zebra 
Enterprise Home Screen 4.1.19.
 CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 
4.1.19. The Gb ...)
        NOT-FOR-US: Zebra Enterprise Home Screen
 CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in 
the pee ...)
-       {DSA-5495-1}
        - frr 8.4.1-1
+       [bullseye] - frr 7.5.1-1.1+deb11u2
        [buster] - frr <ignored> (Minor issue)
        NOTE: https://github.com/FRRouting/frr/issues/13202
        NOTE: 
https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 
(base_8.4)
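
Review bot: the trailing NOTE context line of the CVE-2022-36440 entry shows the URL as "FRRouting/frrcommit/3e46b43e...", with no slash between "frr" and "commit"; if the file really reads that way the link is dead and is worth fixing while this entry is being touched. This entry also differs from the other three in its unchanged lines: "- frr 8.4.1-1" carries no bug number and buster is marked "<ignored>" rather than "<no-dsa>", so it is worth confirming both are intended before the entries are treated as a uniform set.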


=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
 [11 Sep 2023] DSA-5495-1 frr - security update
-       {CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681 
CVE-2023-31490 CVE-2023-38802 CVE-2023-41358}
+       {CVE-2023-31490 CVE-2023-38802 CVE-2023-41358}
        [bullseye] - frr 7.5.1-1.1+deb11u2
        [bookworm] - frr 8.4.4-1.1~deb12u1
 [10 Sep 2023] DSA-5494-1 mutt - security update
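
Review bot: the shortened brace list on the added line makes DSA-5495-1 read as a three-CVE advisory, while the "[bullseye] - frr 7.5.1-1.1+deb11u2" line below it names the same version that the data/CVE/list hunks record as the bullseye fix for four further CVEs. Nothing in this file explains the gap, so a later editor could "repair" the list by re-adding the ids. If the list format has room for a NOTE under the entry, a one-line pointer to the suite-specific tracking in the CVE list would document the workaround where it takes effect.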



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f4a5bb5ff55ec3d984d50910867bf72d11e0d3f
