[Git][security-tracker-team/security-tracker][master] Reserve DLA-2919-1 for python2.7

Sat, 12 Feb 2022 04:26:35 -0800 


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3972c4a8 by Anton Gladky at 2022-02-12T13:26:02+01:00
Reserve DLA-2919-1 for python2.7

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9402,7 +9402,6 @@ CVE-2021-4189 [ftplib should not use the host from the 
PASV response]
        - python2.7 <unfixed>
        [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by 
security support)
        [buster] - python2.7 <no-dsa> (Minor issue)
-       [stretch] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue43285
        NOTE: 
https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e
 (master)
        NOTE: 
https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335
 (v3.9.3)
@@ -66169,7 +66168,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer 
overflow in PyCArg_repr in
        - python3.5 <removed>
        - python2.7 2.7.18-2
        [buster] - python2.7 <no-dsa> (Minor issue)
-       [stretch] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue42938
        NOTE: https://github.com/python/cpython/pull/24239
        NOTE: 
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Feb 2022] DLA-2919-1 python2.7 - security update
+       {CVE-2021-3177 CVE-2021-4189}
+       [stretch] - python2.7 2.7.13-2+deb9u6
 [12 Feb 2022] DLA-2918-1 debian-edu-config - security update
        {CVE-2021-20001}
        [stretch] - debian-edu-config 1.929+deb9u5


=====================================
data/dla-needed.txt
=====================================
@@ -64,10 +64,6 @@ pgbouncer (Emilio)
 pjproject (Abhijith PA)
   NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
 --
-python2.7 (Anton)
-  NOTE: 20220112: 3 postponed CVEs (Beuc)
-  NOTE: 20220206: WIP https://salsa.debian.org/lts-team/packages/python2.7/ 
(Anton)
---
 samba
   NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3972c4a864dbd9d6150654d226611bd8be13bfa2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3972c4a864dbd9d6150654d226611bd8be13bfa2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to