[Git][security-tracker-team/security-tracker][master] 2 commits: Added curl to dla-needed since it is in DSA needed and at least one...

Mon, 11 Jul 2022 15:20:52 -0700 


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35e96a7a by Ola Lundqvist at 2022-07-12T00:10:36+02:00
Added curl to dla-needed since it is in DSA needed and at least one 
vulnerability applies to buster as well.

- - - - -
587dc5e1 by Ola Lundqvist at 2022-07-12T00:18:32+02:00
Concluded that CVE-2022-24793 is not vulnerable in buster since the vulnerable 
code does not exist. The file is not even present.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -30153,6 +30153,7 @@ CVE-2022-24794 (Express OpenID Connect is an Express JS 
middleware implementing
 CVE-2022-24793 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-3036-1}
        - asterisk <unfixed>
+       [buster] - asterisk <not-affected> (Vulnerable code not present)
        [stretch] - asterisk <not-affected> (Vulnerable code not present)
        - pjproject <removed>
        - ring <unfixed>


=====================================
data/dla-needed.txt
=====================================
@@ -12,6 +12,9 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
+--
+curl
+  NOTE: 20220712: Have not checked whether all CVEs are appliable or not (ola) 
 --
 linux (Ben Hutchings)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/22d9f630a6c2f2a80db5b748c40aea24d931cac3...587dc5e1d376b0b6c98ed4c616d69b4becef69ba

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/22d9f630a6c2f2a80db5b748c40aea24d931cac3...587dc5e1d376b0b6c98ed4c616d69b4becef69ba
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to