[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2022-1253 as no-dsa for Stretch

[Thorsten Alteholz (@alteholz)]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e516b8ce by Thorsten Alteholz at 2022-04-11T00:06:08+02:00
mark CVE-2022-1253 as no-dsa for Stretch

- - - - -
859720f9 by Thorsten Alteholz at 2022-04-11T00:06:08+02:00
add puma

- - - - -
62c5f516 by Thorsten Alteholz at 2022-04-11T00:06:08+02:00
add salt

- - - - -
5ac4913a by Thorsten Alteholz at 2022-04-11T00:06:09+02:00
mark CVE-2021-43725 as no-dsa for Stretch

- - - - -
c46b5006 by Thorsten Alteholz at 2022-04-11T00:06:10+02:00
mark CVE-2021-33657 as no-dsa for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -536,6 +536,7 @@ CVE-2022-1254
        RESERVED
 CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository 
strukturag/libde265 pr ...)
        - libde265 <unfixed>
+       [stretch] - libde265 <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
        NOTE: 
https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
 CVE-2022-1252
@@ -29072,6 +29073,7 @@ CVE-2021-43726
 CVE-2021-43725 (There is a Cross Site Scripting (XSS) vulnerability in 
SpotPage_login. ...)
        - spotweb <removed>
        [buster] - spotweb <no-dsa> (Minor issue)
+       [stretch] - spotweb <no-dsa> (Minor issue)
        NOTE: 
https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1
        NOTE: https://github.com/spotweb/spotweb/issues/718
 CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion 
CMS throug ...)
@@ -56107,9 +56109,11 @@ CVE-2021-33657 (There is a heap overflow problem in 
video/SDL_pixels.c in SDL (S
        - libsdl1.2 <unfixed>
        [bullseye] - libsdl1.2 <no-dsa> (Minor issue)
        [buster] - libsdl1.2 <no-dsa> (Minor issue)
+       [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 2.0.20+dfsg-2
        [bullseye] - libsdl2 <no-dsa> (Minor issue)
        [buster] - libsdl2 <no-dsa> (Minor issue)
+       [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
 (release-2.0.20)
 CVE-2021-33656
        RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -113,6 +113,8 @@ openvpn
 pdns
   NOTE: 20220402: harmonize with buster/10.8 (Beuc)
 --
+puma
+--
 puppet-module-puppetlabs-firewall
   NOTE: 20220402: no Debian maintainers activity since 2018 (Beuc)
 --
@@ -121,6 +123,8 @@ ring (Abhijith PA)
  NOTE: 20220404: package in archive is faulty. New regs can't be done due 
(abhijith)
  NOTE: 20220404: a network error (abhijith
 --
+salt
+--
 samba
   NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9306762e6bf64fc17d142cd4d753c97cf7f4802e...c46b500648db5d929e7511c29d8731ba5857de17

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9306762e6bf64fc17d142cd4d753c97cf7f4802e...c46b500648db5d929e7511c29d8731ba5857de17
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits