[Git][security-tracker-team/security-tracker][master] Reserve DLA-2981-1 for lrzip

Wed, 13 Apr 2022 05:39:19 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83a46f9b by Sylvain Beucler at 2022-04-13T14:38:50+02:00
Reserve DLA-2981-1 for lrzip

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7693,7 +7693,6 @@ CVE-2022-26291 (lrzip v0.641 was discovered to contain a 
multiple concurrency us
        - lrzip 0.650-1
        [bullseye] - lrzip <no-dsa> (Minor issue)
        [buster] - lrzip <no-dsa> (Minor issue)
-       [stretch] - lrzip <postponed> (Minor issue, use-after-free with no 
known impact)
        NOTE: https://github.com/ckolivas/lrzip/issues/206
        NOTE: 
https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4
 (v0.650)
        NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Apr 2022] DLA-2981-1 lrzip - security update
+       {CVE-2018-5786 CVE-2020-25467 CVE-2021-27345 CVE-2021-27347 
CVE-2022-26291}
+       [stretch] - lrzip 0.631-1+deb9u2
 [12 Apr 2022] DLA-2980-1 zabbix - security update
        {CVE-2022-24349 CVE-2022-24917 CVE-2022-24919}
        [stretch] - zabbix 1:3.0.32+dfsg-0+deb9u3


=====================================
data/dla-needed.txt
=====================================
@@ -92,9 +92,6 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-lrzip (Sylvain Beucler)
-  NOTE: 20220412: 2 CVEs opened following work on jessie (Beuc)
---
 mariadb-10.1
   NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See 
discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and 
coordinate with maintainer (Anton)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a46f9b0ccc130dcf499b72d2444a92a0d2bc08

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a46f9b0ccc130dcf499b72d2444a92a0d2bc08
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to