Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e92462c4 by Markus Koschany at 2023-10-01T21:14:32+02:00
Reserve DSA-5511-1 mosquitto
- - - - -
93bfc428 by Markus Koschany at 2023-10-01T21:15:32+02:00
CVE-2021-41039,mosquitto: Mark Bullseye as fixed in version 2.0.11-1+deb11u1
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -145932,7 +145932,7 @@ CVE-2021-41040 (In Eclipse Wakaama, ever since its
inception until 2021-01-14, t
NOT-FOR-US: Eclipse Wakaama
CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5
client conn ...)
- mosquitto 2.0.11-1.2 (bug #1001028)
- [bullseye] - mosquitto <no-dsa> (Minor issue)
+ [bullseye] - mosquitto 2.0.11-1+deb11u1
[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
@@ -162484,8 +162484,6 @@ CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the
"mini-browser" extension al
NOT-FOR-US: Eclipse Theia
CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the
dynamic se ...)
- mosquitto 2.0.15-1 (bug #993400)
- [bookworm] - mosquitto <no-dsa> (Minor issue)
- [bullseye] - mosquitto <no-dsa> (Minor issue)
[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[01 Oct 2023] DSA-5511-1 mosquitto - security update
+ {CVE-2021-34434 CVE-2023-0809 CVE-2023-3592 CVE-2023-28366}
+ [bullseye] - mosquitto 2.0.11-1+deb11u1
+ [bookworm] - mosquitto 2.0.11-1.2+deb12u1
[29 Sep 2023] DSA-5510-1 libvpx - security update
{CVE-2023-5217}
[bullseye] - libvpx 1.9.0-1+deb11u1
=====================================
data/dsa-needed.txt
=====================================
@@ -34,8 +34,6 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y and 6.1.y versions
--
-mosquitto (apo)
---
nbconvert/oldstable
Guilhem Moulin proposed an update ready for review
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bb645b353882fde01e99d5488fb9ebcae1002eda...93bfc42850c9f06c82dc245db2e046ab3b68def0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bb645b353882fde01e99d5488fb9ebcae1002eda...93bfc42850c9f06c82dc245db2e046ab3b68def0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
