Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3c51dc6c by Markus Koschany at 2021-01-06T21:08:18+01:00 Remove no-dsa tags from pacemaker/stretch. - - - - - 723cd446 by Markus Koschany at 2021-01-06T21:09:59+01:00 Reserve DLA-2519-1 for pacemaker - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -149495,14 +149495,12 @@ CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel NOT-FOR-US: Ansible Tower CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...) - pacemaker 2.0.1-3 (bug #927714) - [stretch] - pacemaker <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...) - pacemaker 2.0.1-3 (bug #927714) - [stretch] - pacemaker <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[06 Jan 2021] DLA-2519-1 pacemaker - security update + {CVE-2018-16877 CVE-2018-16878 CVE-2020-25654} + [stretch] - pacemaker 1.1.24-0+deb9u1 [06 Jan 2021] DLA-2518-1 cairo - security update {CVE-2020-35492} [stretch] - cairo 1.14.8-1+deb9u1 ===================================== data/dla-needed.txt ===================================== @@ -102,12 +102,6 @@ openjpeg2 (Thorsten Alteholz) NOTE: 20201220: more CVEs appeared NOTE: 20210104: testing package -- -pacemaker (Markus Koschany) - NOTE: 20201228: See #974563 for further information. - NOTE: 20201228: https://people.debian.org/~apo/lts/pacemaker/ - NOTE: 20201228: The new upstream version works as intended. One user - NOTE: 20201228: reported no regressions. Will release on 06.01.2021. --- php-horde-trean NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver) NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bf635dec5420522f0b82b9b91bc3305fb1f8542c...723cd4466c9c580c43d195f05a095b63a3061d6e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bf635dec5420522f0b82b9b91bc3305fb1f8542c...723cd4466c9c580c43d195f05a095b63a3061d6e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits