Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
51777719 by Thorsten Alteholz at 2023-03-12T23:55:29+01:00
LTS: add apache2 to dla-needed.txt
- - - - -
98184fc7 by Thorsten Alteholz at 2023-03-13T00:01:28+01:00
LTS: add ruby-racks to dla-needed.txt
- - - - -
a92e695d by Thorsten Alteholz at 2023-03-13T00:03:12+01:00
Revert "LTS: add ruby-racks to dla-needed.txt"
This reverts commit 98184fc75622fb669ea31ef6b2dab480d30d2af2.
- - - - -
7bf298af by Thorsten Alteholz at 2023-03-13T00:04:21+01:00
LTS: add ruby-rack to dla-needed.txt
- - - - -
7b32c923 by Thorsten Alteholz at 2023-03-13T00:06:03+01:00
LTS: add libmicrohttpd to dla-needed.txt
- - - - -
88a111f9 by Thorsten Alteholz at 2023-03-13T00:08:05+01:00
mark CVE-2021-33367 as no-dsa for Buster
- - - - -
83fe56dd by Thorsten Alteholz at 2023-03-13T00:09:05+01:00
mark CVE-2022-3213 as no-dsa for Buster
- - - - -
6fd1fd35 by Thorsten Alteholz at 2023-03-13T00:14:48+01:00
mark CVE-2021-37519 as not-affected for Buster
- - - - -
1bdc1a56 by Thorsten Alteholz at 2023-03-13T00:22:00+01:00
claim libmicrohttpd
- - - - -
f36b5073 by Thorsten Alteholz at 2023-03-13T00:27:09+01:00
LTS: add redis to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -42329,6 +42329,7 @@ CVE-2022-3214 (Delta Industrial Automation's DIAEnergy,
an industrial energy man
CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an
applica ...)
- imagemagick <unfixed> (bug #1021141)
[bullseye] - imagemagick <no-dsa> (Minor issue)
+ [buster] - imagemagick <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
@@ -124337,6 +124338,7 @@ CVE-2021-37520
CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9
allows att ...)
- memcached 1.6.10+dfsg-1
[bullseye] - memcached <no-dsa> (Minor issue)
+ [buster] - memcached <not-affected> (Vulnerable code not present)
NOTE: https://github.com/memcached/memcached/issues/805
NOTE:
https://github.com/memcached/memcached/commit/ddee3e27a031be22f5f28c160be18fd3cb9bc63d
(1.6.10)
CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium
Extensio ...)
@@ -134362,6 +134364,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in
Freeimage v3.18.0 allows attack
- freeimage <unfixed> (bug #1032666)
[bookworm] - freeimage <no-dsa> (Minor issue)
[bullseye] - freeimage <no-dsa> (Minor issue)
+ [buster] - freeimage <no-dsa> (Minor issue)
NOTE:
https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/
CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box
in GPAC ...)
- gpac <unfixed> (unimportant)
=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,11 @@ rather than remove/replace existing ones.
NOTE: 20221231: Few users. Low prio. (opal).
NOTE: 20230206: VCS:
https://salsa.debian.org/lts-team/packages/389-ds-base.git
--
+apache2
+ NOTE: 20230312: Programming language: C.
+ NOTE: 20230312: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
+ NOTE: 20230312: Special attention: Double check an update! Package is used
by many customers and users!.
+--
ceph
NOTE: 20221031: Programming language: C++.
NOTE: 20221031: To be checked further. Not clear whether the vulnerability
can be exploited in a Debian system.
@@ -102,6 +107,9 @@ intel-microcode (tobi)
NOTE: 20230310: will first fix unstable and stable, then proceed with LTS
and ELTS, using the same new upstream version. (tobi)
NOTE: 20230312: uploaded to DELAYED/5 for unstable.
--
+libmicrohttpd (Thorsten Alteholz)
+ NOTE: 20230313: Programming language: C.
+--
libreoffice
NOTE: 20221012: Programming language: C++.
NOTE: 20230111: VCS:
https://salsa.debian.org/lts-team/packages/libreoffice.git
@@ -246,6 +254,10 @@ rainloop
NOTE: 20220913: Evaluate the situation and decide whether we should support
or EOL this package (Beuc/front-desk)
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rainloop.git
--
+redis
+ NOTE: 20230313: Programming language: C.
+ NOTE: 20230313: VCS: https://salsa.debian.org/lamby/pkg-redis.git
+--
ring
NOTE: 20221120: Programming language: C.
NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
@@ -254,6 +266,10 @@ ruby-loofah (Daniel Leidert)
NOTE: 20221231: Programming language: Ruby.
NOTE: 20230206: VCS:
https://salsa.debian.org/lts-team/packages/ruby-loofah.git
--
+ruby-rack
+ NOTE: 20230313: Programming language: Ruby.
+ NOTE: 20230313: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git
+--
ruby-rails-html-sanitizer
NOTE: 20221231: Programming language: Ruby.
NOTE: 20221231: VCS:
https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/392ff63012d3b582d96f91198a57d66731325a92...f36b507333a2efcfd56b4e18ee8333af5f012601
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/392ff63012d3b582d96f91198a57d66731325a92...f36b507333a2efcfd56b4e18ee8333af5f012601
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
