Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: dc86c99f by Thorsten Alteholz at 2021-07-25T00:35:18+02:00 add aspell - - - - - c9eba0cf by Thorsten Alteholz at 2021-07-25T00:35:18+02:00 add linuxptp - - - - - f5d0516c by Thorsten Alteholz at 2021-07-25T00:57:06+02:00 mark CVE-2019-11098 as no-dsa for Stretch - - - - - f3f98255 by Thorsten Alteholz at 2021-07-25T00:58:48+02:00 mark CVE-2021-32749 as no-dsa for Stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -10578,6 +10578,7 @@ CVE-2021-32750 (MuWire is a file publishing and networking tool that protects th CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...) - fail2ban 0.11.2-2 [buster] - fail2ban <no-dsa> (Minor issue, can be fixed in point release) + [stretch] - fail2ban <no-dsa> (Minor issue, can be fixed after fix of regression) NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9) NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0) @@ -148326,6 +148327,7 @@ CVE-2019-11099 CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...) - edk2 <unfixed> [buster] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <no-dsa> (Minor issue) NOTE: https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1614 NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=316 ===================================== data/dla-needed.txt ===================================== @@ -18,6 +18,8 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- +aspell (Thorsten Alteholz) +-- ceph (Markus Koschany) NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby) NOTE: 20200707: Some discussion regarding removal <https://lists.debian.org/debian-lts/2020/04/msg00019.html> (lamby) @@ -59,6 +61,8 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- +linuxptp (Thorsten Alteholz +-- nettle (Emilio) NOTE: 20210719: difficult backport, wip (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f864a8e87ef2d10efb06b36036c4421aa6504ecf...f3f98255fafed3e4fc41269c2a19d39fe7b01733 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f864a8e87ef2d10efb06b36036c4421aa6504ecf...f3f98255fafed3e4fc41269c2a19d39fe7b01733 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits