Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:

51777719 by Thorsten Alteholz at 2023-03-12T23:55:29+01:00
LTS: add apache2 to dla-needed.txt

- - - - -
98184fc7 by Thorsten Alteholz at 2023-03-13T00:01:28+01:00
LTS: add ruby-racks to dla-needed.txt

- - - - -
a92e695d by Thorsten Alteholz at 2023-03-13T00:03:12+01:00
Revert "LTS: add ruby-racks to dla-needed.txt"

This reverts commit 98184fc75622fb669ea31ef6b2dab480d30d2af2.

- - - - -
7bf298af by Thorsten Alteholz at 2023-03-13T00:04:21+01:00
LTS: add ruby-rack to dla-needed.txt

- - - - -
7b32c923 by Thorsten Alteholz at 2023-03-13T00:06:03+01:00
LTS: add libmicrohttpd to dla-needed.txt

- - - - -
88a111f9 by Thorsten Alteholz at 2023-03-13T00:08:05+01:00
mark CVE-2021-33367 as no-dsa for Buster

- - - - -
83fe56dd by Thorsten Alteholz at 2023-03-13T00:09:05+01:00
mark CVE-2022-3213 as no-dsa for Buster

- - - - -
6fd1fd35 by Thorsten Alteholz at 2023-03-13T00:14:48+01:00
mark CVE-2021-37519 as not-affected for Buster

- - - - -
1bdc1a56 by Thorsten Alteholz at 2023-03-13T00:22:00+01:00
claim libmicrohttpd

- - - - -
f36b5073 by Thorsten Alteholz at 2023-03-13T00:27:09+01:00
LTS: add redis to dla-needed.txt

- - - - -

2 changed files:

- data/CVE/list
- data/dla-needed.txt

Changes:

===================================== data/CVE/list ===================================== @@ -42329,6 +42329,7 @@ CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy man CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...) - imagemagick <unfixed> (bug #1021141) [bullseye] - imagemagick <no-dsa> (Minor issue) + [buster] - imagemagick <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824 NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750 
@@ -124337,6 +124338,7 @@ CVE-2021-37520 CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows att ...) - memcached 1.6.10+dfsg-1 [bullseye] - memcached <no-dsa> (Minor issue) + [buster] - memcached <not-affected> (Vulnerable code not present) NOTE: https://github.com/memcached/memcached/issues/805 NOTE: https://github.com/memcached/memcached/commit/ddee3e27a031be22f5f28c160be18fd3cb9bc63d (1.6.10) CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extensio ...) @@ -134362,6 +134364,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attack - freeimage <unfixed> (bug #1032666) [bookworm] - freeimage <no-dsa> (Minor issue) [bullseye] - freeimage <no-dsa> (Minor issue) + [buster] - freeimage <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/ CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...) - gpac <unfixed> (unimportant) ===================================== data/dla-needed.txt ===================================== @@ -18,6 +18,11 @@ rather than remove/replace existing ones. NOTE: 20221231: Few users. Low prio. (opal). NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git -- +apache2 + NOTE: 20230312: Programming language: C. + NOTE: 20230312: VCS: https://salsa.debian.org/lts-team/packages/apache2.git + NOTE: 20230312: Special attention: Double check an update! Package is used by many customers and users!. +-- ceph NOTE: 20221031: Programming language: C++. NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system. 
@@ -102,6 +107,9 @@ intel-microcode (tobi) NOTE: 20230310: will first fix unstable and stable, then proceed with LTS and ELTS, using the same new upstream version. (tobi) NOTE: 20230312: uploaded to DELAYED/5 for unstable. -- +libmicrohttpd (Thorsten Alteholz) + NOTE: 20230313: Programming language: C. +-- libreoffice NOTE: 20221012: Programming language: C++. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git @@ -246,6 +254,10 @@ rainloop NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk) NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rainloop.git -- +redis + NOTE: 20230313: Programming language: C. + NOTE: 20230313: VCS: https://salsa.debian.org/lamby/pkg-redis.git +-- ring NOTE: 20221120: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git @@ -254,6 +266,10 @@ ruby-loofah (Daniel Leidert) NOTE: 20221231: Programming language: Ruby. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/ruby-loofah.git -- +ruby-rack + NOTE: 20230313: Programming language: Ruby. + NOTE: 20230313: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git +-- ruby-rails-html-sanitizer NOTE: 20221231: Programming language: Ruby. NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/392ff63012d3b582d96f91198a57d66731325a92...f36b507333a2efcfd56b4e18ee8333af5f012601
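Review bot: In the data/CVE/list hunk for CVE-2021-37519, the added line "[buster] - memcached <not-affected> (Vulnerable code not present)" gives a later reader nothing to check the claim against. The surrounding NOTE lines only link the upstream issue and the fixing commit (1.6.10). Consider adding a NOTE that records the upstream version or commit in which the affected authfile.c code first appeared, so the not-affected status for buster can be verified against the packaged version.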
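Review bot: In the apache2 entry added to data/dla-needed.txt, the "Special attention" NOTE ends with "users!." and so carries a stray full stop after the exclamation mark. Drop one of the two so the line reads cleanly when it is quoted elsewhere.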
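Review bot: The libmicrohttpd entry added to data/dla-needed.txt has only the "Programming language: C." NOTE and no VCS line, while the apache2, redis and ruby-rack entries added in the same push each carry one. If a packaging repository exists for this package, add the matching "NOTE: 20230313: VCS: ..." line. If none exists, say so in a NOTE so the next person does not have to look for it.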
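Review bot: In the redis entry added to data/dla-needed.txt, the VCS NOTE points at https://salsa.debian.org/lamby/pkg-redis.git, a personal namespace, whereas the other entries added in this push (apache2, ruby-rack) use salsa.debian.org/lts-team/packages/. Please confirm this is the repository LTS uploads for redis are meant to be prepared in. If it is, a short NOTE saying so would stop the path from being "corrected" to the lts-team namespace later.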