Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: b660147b by Anton Gladky at 2023-04-24T06:28:47+02:00 Reserve DLA-3399-1 for 389-ds-base - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -135609,7 +135609,6 @@ CVE-2021-36768 CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...) - 389-ds-base 1.4.4.17-1 (bug #991405) [bullseye] - 389-ds-base <no-dsa> (Minor issue) - [buster] - 389-ds-base <no-dsa> (Minor issue) [stretch] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://github.com/389ds/389-ds-base/issues/4817 NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) @@ -148060,7 +148059,6 @@ CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5 CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...) - 389-ds-base 1.4.4.11-2 (bug #988727) - [buster] - 389-ds-base <no-dsa> (Minor issue) [stretch] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://github.com/389ds/389-ds-base/issues/4711 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...) @@ -273758,7 +273756,6 @@ CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, ve CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...) {DLA-2004-1} - 389-ds-base 1.4.2.4-1 (bug #944150) - [buster] - 389-ds-base <no-dsa> (Minor issue) [stretch] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448 NOTE: https://pagure.io/freeipa/issue/8050 @@ -288164,7 +288161,6 @@ CVE-2019-10225 (A flaw was found in atomic-openshift of openshift-4.2 where the NOT-FOR-US: OpenShift CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. ...) - 389-ds-base 1.4.1.5-1 - [buster] - 389-ds-base <no-dsa> (Minor issue) [stretch] - 389-ds-base <not-affected> (vulnerable code not present) [jessie] - 389-ds-base <not-affected> (vulnerable code not present) - python-lib389 <removed> @@ -305557,7 +305553,6 @@ CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of ato CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...) {DLA-1779-1} - 389-ds-base 1.4.1.5-1 (bug #927939) - [buster] - 389-ds-base <no-dsa> (Minor issue) [stretch] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612 NOTE: https://pagure.io/389-ds-base/issue/50329 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[24 Apr 2023] DLA-3399-1 389-ds-base - security update + {CVE-2019-3883 CVE-2019-10224 CVE-2019-14824 CVE-2021-3514 CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996 CVE-2022-2850} + [buster] - 389-ds-base 1.4.0.21-1+deb10u1 [21 Apr 2023] DLA-3398-1 curl - security update {CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538} [buster] - curl 7.64.0-4+deb10u6 ===================================== data/dla-needed.txt ===================================== @@ -12,13 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. --- -389-ds-base (gladk) - NOTE: 20221231: Programming language: C. - NOTE: 20221231: Few users. Low prio. (opal). - NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git - NOTE: 20230327: test new CI - NOTE: 20230410: WIP -- apache2 (rouca) NOTE: 20230312: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b660147bd0488607a08ede7cbfb06fd807991db3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b660147bd0488607a08ede7cbfb06fd807991db3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits