[Git][security-tracker-team/security-tracker][master] Reserve DLA-3634-1 for nss

Sat, 28 Oct 2023 07:06:58 -0700 


Sean Whitton pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23dd068e by Sean Whitton at 2023-10-28T15:06:31+01:00
Reserve DLA-3634-1 for nss

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -222425,7 +222425,6 @@ CVE-2020-25649 (A flaw was found in FasterXML Jackson 
Databind, where it did not
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59
 (jackson-databind-2.11.0.rc1)
 CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) 
message ...)
        - nss 2:3.58-1
-       [buster] - nss <no-dsa> (Minor issue)
        [stretch] - nss <no-dsa> (Minor issue)
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Oct 2023] DLA-3634-1 nss - security update
+       {CVE-2020-25648 CVE-2023-4421}
+       [buster] - nss 2:3.42.1-1+deb10u7
 [28 Oct 2023] DLA-3633-1 gst-plugins-bad1.0 - security update
        {CVE-2023-40474 CVE-2023-40475 CVE-2023-40476}
        [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -129,11 +129,6 @@ nova
   NOTE: 20230302: zigo currently has no time and requests the LTS team to do 
it (IRC #debian-lts 2023-03-02). (Beuc/front-desk)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, 
python-os-brick, nova and cinder. (lamby)
 --
-nss (Sean Whitton)
-  NOTE: 20231015: Added by Front-Desk (ta)
-  NOTE: 20231027: Patches backported.  New tests for CVE-2020-25648 do not 
pass.
-  NOTE: 20231027: Asked upstream dev-tech-crypto ML (spwhitton).
---
 nvidia-cuda-toolkit
   NOTE: 20230514: Added by Front-Desk (utkarsh)
   NOTE: 20230514: package listed in packages-to-support; a bunch of CVEs have



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23dd068e50af44a19d3ffc6ae5471bdbe3754904

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23dd068e50af44a19d3ffc6ae5471bdbe3754904
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to