Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 851b7685 by Thorsten Alteholz at 2022-02-14T01:58:33+01:00 add zsh - - - - - 3b5d32ea by Thorsten Alteholz at 2022-02-14T01:58:33+01:00 mark CVE-2022-24976 as postponed for Stretch - - - - - e3d03ba5 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00 update note - - - - - 28778f86 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00 add intel-microcode - - - - - e810200b by Thorsten Alteholz at 2022-02-14T01:58:34+01:00 mark CVE-2022-0497 and CVE-2022-0496 as no-dsa for Stretch - - - - - ffc9aa43 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00 add h2database - - - - - c9703061 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00 add libxstream-java - - - - - 81199839 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00 mark CVE-2022-23437 as postponed for Stretch - - - - - 23ffd3fb by Thorsten Alteholz at 2022-02-14T01:58:34+01:00 add htmldoc - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -14,6 +14,7 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with - atheme-services <unfixed> [bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via point release) [buster] - atheme-services <no-dsa> (Minor issue; can be fixed via point release) + [stretch] - atheme-services <postponed> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4 NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 CVE-2022-0577 @@ -1374,10 +1375,12 @@ CVE-2022-0498 CVE-2022-0497 RESERVED - openscad 2021.01-4 (bug #1005641) + [stretch] - openscad <no-dsa> (Minor issue) NOTE: https://github.com/openscad/openscad/issues/4043 CVE-2022-0496 RESERVED - openscad 2021.01-4 (bug #1005641) + [stretch] - openscad <no-dsa> (Minor issue) NOTE: https://github.com/openscad/openscad/issues/4037 CVE-2022-0495 RESERVED @@ -4725,6 +4728,7 @@ CVE-2022-23438 RESERVED CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...) - libxerces2-java <unfixed> + [stretch] - libxerces2-java <postponed> (revisit when/if fix is complete) NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3 CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...) {DSA-5054-1} ===================================== data/dla-needed.txt ===================================== @@ -41,13 +41,21 @@ gpac NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) -- +h2database +-- +htmldoc (Thorsten Alteholz) +-- +intel-microcode + NOTE: 20220213: please recheck +-- libarchive (Thorsten Alteholz) - NOTE: 20220116: waiting for upload in higher releases - NOTE: 20220130: new CVEs arrived + NOTE: 20220213: testing package -- libgit2 (Utkarsh) NOTE: 20220208: got clearance. will upload this week. (utkarsh) -- +libxstream-java +-- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) @@ -82,3 +90,5 @@ ujson (Anton) -- vim (Markus Koschany) -- +zsh +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d295402a5226ae389b85be31d1c63bd77561ec1...23ffd3fb79b62d32e02be0446610c24b673fa274 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d295402a5226ae389b85be31d1c63bd77561ec1...23ffd3fb79b62d32e02be0446610c24b673fa274 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits