Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
54739391 by Emilio Pozuelo Monfort at 2025-01-31T17:25:05+01:00
lts: CVE-2024-33655/unbound ignored on bullseye
- - - - -
37baa6f5 by Emilio Pozuelo Monfort at 2025-01-31T17:25:05+01:00
lts: remove unbound entry, no open issues
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -74837,7 +74837,7 @@ CVE-2023-6327 (The ShopLentor (formerly WooLentor)
plugin for WordPress is vulne
CVE-2024-33655 (The DNS protocol in RFC 1035 and updates allows remote
attackers to ca ...)
- unbound 1.20.0-1
[bookworm] - unbound <ignored> (Minor issue, too intrusive to backport)
- [bullseye] - unbound <no-dsa> (Minor issue)
+ [bullseye] - unbound <ignored> (Minor issue, too intrusive to backport)
[buster] - unbound <ignored> (Not affected by DoS, intrusive changes)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
NOTE: Fixed by:
https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de
(release-1.20.0rc1)
=====================================
data/dla-needed.txt
=====================================
@@ -275,15 +275,6 @@ twitter-bootstrap3
NOTE: 20241110: Added by Front-Desk (apo)
NOTE: 20241119: Supportability discussion
https://lists.debian.org/debian-lts/2024/11/msg00030.html (Beuc/front-desk)
--
-unbound
- NOTE: 20240825: Added by Front-Desk (ta)
- NOTE: 20240929: The patch for CVE-2024-33655 was considered too intrusive
for Buster. (dleidert)
- NOTE: 20240929: It seems reasonable that in that case that is true for
Bullseye as well. (dleidert)
- NOTE: 20241206: There is no DLA to prepare for this package, rather CVE
noted above must be assessed and a final disposition applied for bullseye
(roberto)
- NOTE: 20241206: A stable update is also needed,
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/164
- NOTE: 20241229: Maintainer of unbound has prepared upload to Bookworm for
CVE-2024-8508: (dleidert)
- NOTE: 20241229:
https://salsa.debian.org/dns-team/unbound/-/commit/0764b34ac1488a85cbfee5dfc3735448117aaaf9
(dleidert)
---
vim (Sean Whitton)
NOTE: 20250114: Added by Front-Desk (rouca)
NOTE: 20250129: Fixes for first 29 outstanding CVEs backported in
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e54567a5c7eed070e4b377457b44125a3257818...37baa6f5ab58aef670fdaced952f1e805e48b66b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e54567a5c7eed070e4b377457b44125a3257818...37baa6f5ab58aef670fdaced952f1e805e48b66b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
