[Git][security-tracker-team/security-tracker][master] Reserve DLA-3399-1 for 389-ds-base

[Anton Gladky (@gladk)]

Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b660147b by Anton Gladky at 2023-04-24T06:28:47+02:00
Reserve DLA-3399-1 for 389-ds-base

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -135609,7 +135609,6 @@ CVE-2021-36768
 CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as 
passwor ...)
        - 389-ds-base 1.4.4.17-1 (bug #991405)
        [bullseye] - 389-ds-base <no-dsa> (Minor issue)
-       [buster] - 389-ds-base <no-dsa> (Minor issue)
        [stretch] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://github.com/389ds/389-ds-base/issues/4817
        NOTE: 
https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7
 (master)
@@ -148060,7 +148059,6 @@ CVE-2021-3515 (A shell injection flaw was found in 
pglogical in versions before
        NOTE: 
https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
 CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated 
attacke ...)
        - 389-ds-base 1.4.4.11-2 (bug #988727)
-       [buster] - 389-ds-base <no-dsa> (Minor issue)
        [stretch] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://github.com/389ds/389-ds-base/issues/4711
 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 
performs unde ...)
@@ -273758,7 +273756,6 @@ CVE-2019-14825 (A cleartext password storage issue 
was discovered in Katello, ve
 CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it 
could u ...)
        {DLA-2004-1}
        - 389-ds-base 1.4.2.4-1 (bug #944150)
-       [buster] - 389-ds-base <no-dsa> (Minor issue)
        [stretch] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448
        NOTE: https://pagure.io/freeipa/issue/8050
@@ -288164,7 +288161,6 @@ CVE-2019-10225 (A flaw was found in atomic-openshift 
of openshift-4.2 where the
        NOT-FOR-US: OpenShift
 CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 
1.4.1.3.  ...)
        - 389-ds-base 1.4.1.5-1
-       [buster] - 389-ds-base <no-dsa> (Minor issue)
        [stretch] - 389-ds-base <not-affected> (vulnerable code not present)
        [jessie] - 389-ds-base <not-affected> (vulnerable code not present)
        - python-lib389 <removed>
@@ -305557,7 +305553,6 @@ CVE-2019-3884 (A vulnerability exists in the garbage 
collection mechanism of ato
 CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by 
workers  ...)
        {DLA-1779-1}
        - 389-ds-base 1.4.1.5-1 (bug #927939)
-       [buster] - 389-ds-base <no-dsa> (Minor issue)
        [stretch] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
        NOTE: https://pagure.io/389-ds-base/issue/50329


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Apr 2023] DLA-3399-1 389-ds-base - security update
+       {CVE-2019-3883 CVE-2019-10224 CVE-2019-14824 CVE-2021-3514 
CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996 CVE-2022-2850}
+       [buster] - 389-ds-base 1.4.0.21-1+deb10u1
 [21 Apr 2023] DLA-3398-1 curl - security update
        {CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538}
        [buster] - curl 7.64.0-4+deb10u6


=====================================
data/dla-needed.txt
=====================================
@@ -12,13 +12,6 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
---
-389-ds-base (gladk)
-  NOTE: 20221231: Programming language: C.
-  NOTE: 20221231: Few users. Low prio. (opal).
-  NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/389-ds-base.git
-  NOTE: 20230327: test new CI
-  NOTE: 20230410: WIP
 --
 apache2 (rouca)
   NOTE: 20230312: Programming language: C.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b660147bd0488607a08ede7cbfb06fd807991db3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b660147bd0488607a08ede7cbfb06fd807991db3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits