Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d58a1355 by Markus Koschany at 2024-04-26T07:35:06+02:00
Reserve DLA-3795-1 for knot-resolver

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -294164,7 +294164,6 @@ CVE-2020-12668 (Jinjava before 2.5.4 allow access to 
arbitrary classes by callin
        NOT-FOR-US: Jinjava
 CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a 
crafted  ...)
        - knot-resolver 5.1.1-0.1 (bug #961076)
-       [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: 
https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
        NOTE: commit: 
https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b
        NOTE: commit: 
https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118
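
Review bot: with the "[buster] - knot-resolver <no-dsa>" line removed, the CVE-2020-12667 entry no longer says anything about buster, and its two "NOTE: commit:" lines point at upstream commits for an issue the description places before 5.1.1, while data/DLA/list gives the buster fix as 3.2.1-3+deb10u2. If the buster fix is a backport that differs from those two commits, add a NOTE line saying so, so the entry can still be audited against the package.
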
@@ -325401,7 +325400,6 @@ CVE-2019-19332 (An out-of-bounds memory write issue 
was found in the Linux Kerne
        NOTE: 
https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
 CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of 
service  ...)
        - knot-resolver 5.0.1-1 (bug #946181)
-       [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4
 CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 
2019-11-0 ...)
        NOT-FOR-US: Wikibase Wikidata Query Service GUI
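
Review bot: the CVE-2019-19331 entry loses its "[buster] - knot-resolver <no-dsa>" line, yet its only reference is the oss-security post; unlike the CVE-2020-12667 entry it has no "NOTE: commit:" line. The description puts the fix in 4.3.0 and buster is now claimed fixed in a 3.2.1-based package through DLA-3795-1, so a NOTE naming the fixing upstream commit would let someone check the backport.
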
@@ -356412,13 +356410,11 @@ CVE-2019-10192 (A heap-buffer overflow 
vulnerability was found in the Redis hype
        NOTE: 
https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f
 (5.0.4)
 CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot 
resolver before ...)
        - knot-resolver 5.0.1-1 (bug #932048)
-       [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
        NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
 CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of 
knot resol ...)
        - knot-resolver 5.0.1-1 (bug #932048)
-       [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
        NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Apr 2024] DLA-3795-1 knot-resolver - security update
+       {CVE-2019-10190 CVE-2019-10191 CVE-2019-19331 CVE-2020-12667}
+       [buster] - knot-resolver 3.2.1-3+deb10u2
 [25 Apr 2024] DLA-3794-1 putty - security update
        {CVE-2020-14002 CVE-2021-36367 CVE-2023-48795 CVE-2019-17069}
        [buster] - putty 0.74-1+deb11u1~deb10u1
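
Review bot: the CVE set in braces on the second added line has to equal the set of "[buster] - knot-resolver <no-dsa>" lines removed from data/CVE/list, otherwise a CVE ends up claimed by the DLA while still marked no-dsa, or the reverse. It does here: CVE-2019-10190, CVE-2019-10191, CVE-2019-19331 and CVE-2020-12667 each lose exactly one such line. The commit subject says "Reserve", so the version 3.2.1-3+deb10u2 on the third added line should be re-checked against the actual upload.
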


=====================================
data/dla-needed.txt
=====================================
@@ -124,11 +124,6 @@ jenkins-htmlunit-core-js
   NOTE: 20231231: … TransformerFactory without setting the ~secure flag, so it 
may
   NOTE: 20231231: … indeed be vulnerable. (lamby)
 --
-knot-resolver
-  NOTE: 20231029: Added by Front-Desk (gladk)
-  NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
-  NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs 
has been fixed in bullseye. (ola)
---
 less (Abhijith PA)
   NOTE: 20240418: Added by Front-Desk (apo)
 --
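
Review bot: the removed 20240311 note justifies keeping knot-resolver in dla-needed with "four CVEs has been fixed in bullseye" but never names them, so the diff alone cannot confirm they are the four CVEs listed for DLA-3795-1 in data/DLA/list. Before dropping the entry, check that no other open knot-resolver CVE for buster was the reason it was queued. The "---" line is the entry's "--" separator being removed, which leaves a single separator between jenkins-htmlunit-core-js and less.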



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58a13559c87c505e23427b90a9de979336e05e2
