Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
851b7685 by Thorsten Alteholz at 2022-02-14T01:58:33+01:00
add zsh
- - - - -
3b5d32ea by Thorsten Alteholz at 2022-02-14T01:58:33+01:00
mark CVE-2022-24976 as postponed for Stretch
- - - - -
e3d03ba5 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
update note
- - - - -
28778f86 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add intel-microcode
- - - - -
e810200b by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
mark CVE-2022-0497 and CVE-2022-0496 as no-dsa for Stretch
- - - - -
ffc9aa43 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add h2database
- - - - -
c9703061 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add libxstream-java
- - - - -
81199839 by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
mark CVE-2022-23437 as postponed for Stretch
- - - - -
23ffd3fb by Thorsten Alteholz at 2022-02-14T01:58:34+01:00
add htmldoc
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14,6 +14,7 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used
in conjunction with
- atheme-services <unfixed>
[bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via
point release)
[buster] - atheme-services <no-dsa> (Minor issue; can be fixed via
point release)
+ [stretch] - atheme-services <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
NOTE:
https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
CVE-2022-0577
@@ -1374,10 +1375,12 @@ CVE-2022-0498
CVE-2022-0497
RESERVED
- openscad 2021.01-4 (bug #1005641)
+ [stretch] - openscad <no-dsa> (Minor issue)
NOTE: https://github.com/openscad/openscad/issues/4043
CVE-2022-0496
RESERVED
- openscad 2021.01-4 (bug #1005641)
+ [stretch] - openscad <no-dsa> (Minor issue)
NOTE: https://github.com/openscad/openscad/issues/4037
CVE-2022-0495
RESERVED
@@ -4725,6 +4728,7 @@ CVE-2022-23438
RESERVED
CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java
(XercesJ) XML pa ...)
- libxerces2-java <unfixed>
+ [stretch] - libxerces2-java <postponed> (revisit when/if fix is
complete)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to
97.0.46 ...)
{DSA-5054-1}
=====================================
data/dla-needed.txt
=====================================
@@ -41,13 +41,21 @@ gpac
NOTE: 20211120: received OK from secteam for buster update, working on
stretch/buster in parallel (roberto)
NOTE: 20211228: Returning to active work on this now that llvm/rustc update
is complete (roberto)
--
+h2database
+--
+htmldoc (Thorsten Alteholz)
+--
+intel-microcode
+ NOTE: 20220213: please recheck
+--
libarchive (Thorsten Alteholz)
- NOTE: 20220116: waiting for upload in higher releases
- NOTE: 20220130: new CVEs arrived
+ NOTE: 20220213: testing package
--
libgit2 (Utkarsh)
NOTE: 20220208: got clearance. will upload this week. (utkarsh)
--
+libxstream-java
+--
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
@@ -82,3 +90,5 @@ ujson (Anton)
--
vim (Markus Koschany)
--
+zsh
+--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d295402a5226ae389b85be31d1c63bd77561ec1...23ffd3fb79b62d32e02be0446610c24b673fa274
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d295402a5226ae389b85be31d1c63bd77561ec1...23ffd3fb79b62d32e02be0446610c24b673fa274
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
