Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 83a46f9b by Sylvain Beucler at 2022-04-13T14:38:50+02:00 Reserve DLA-2981-1 for lrzip - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -7693,7 +7693,6 @@ CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency us - lrzip 0.650-1 [bullseye] - lrzip <no-dsa> (Minor issue) [buster] - lrzip <no-dsa> (Minor issue) - [stretch] - lrzip <postponed> (Minor issue, use-after-free with no known impact) NOTE: https://github.com/ckolivas/lrzip/issues/206 NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650) NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[13 Apr 2022] DLA-2981-1 lrzip - security update + {CVE-2018-5786 CVE-2020-25467 CVE-2021-27345 CVE-2021-27347 CVE-2022-26291} + [stretch] - lrzip 0.631-1+deb9u2 [12 Apr 2022] DLA-2980-1 zabbix - security update {CVE-2022-24349 CVE-2022-24917 CVE-2022-24919} [stretch] - zabbix 1:3.0.32+dfsg-0+deb9u3 ===================================== data/dla-needed.txt ===================================== @@ -92,9 +92,6 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -lrzip (Sylvain Beucler) - NOTE: 20220412: 2 CVEs opened following work on jessie (Beuc) --- mariadb-10.1 NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a46f9b0ccc130dcf499b72d2444a92a0d2bc08 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a46f9b0ccc130dcf499b72d2444a92a0d2bc08 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits