Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5958df03 by Sylvain Beucler at 2022-05-02T18:04:07+02:00
dla: minor clarifications/formatting
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -33,7 +33,7 @@ ark
NOTE: 20220424: programming language C
--
cgal
- NOTE: 20220421: many no-dsa issues, please check, whether it is possible to
fix them without an uploading of a new upstream release (Anton)
+ NOTE: 20220421: many no-dsa issues, please check, whether it is possible to
fix them without uploading a new upstream release (Anton)
--
ckeditor
NOTE: 20220402: multiple pendings vulnerabilities (Beuc)
@@ -114,9 +114,9 @@ nvidia-cuda-toolkit
NOTE: 20220331: package is in non-free but also in packages-to-support
(Beuc)
--
nvidia-graphics-drivers
- NOTE: 20220203: package is in non-free but also in packages-to-support
(Beuc)
- NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
- NOTE: 20220209: backport (apo)
+ NOTE: 20220203: package is in non-free but also in packages-to-support (Beuc)
+ NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
+ NOTE: 20220209: backport (apo)
--
openjdk-8 (pochu)
--
@@ -132,13 +132,13 @@ puppet-module-puppetlabs-firewall
NOTE: 20220402: no Debian maintainers activity since 2018 (Beuc)
--
ring (Abhijith PA)
- NOTE: 20220314:
https://people.debian.org/~abhijith/upload/vda/ring_20161221.2.7bd7d91~dfsg1-1+deb9u2.dsc
- NOTE: 20220404: package in archive is faulty. New regs can't be done due
(abhijith)
- NOTE: 20220404: a network error (abhijith)
+ NOTE: 20220314:
https://people.debian.org/~abhijith/upload/vda/ring_20161221.2.7bd7d91~dfsg1-1+deb9u2.dsc
+ NOTE: 20220404: package in archive is faulty. New regs can't be done due
(abhijith)
+ NOTE: 20220404: a network error (abhijith)
--
ruby-devise-two-factor
- NOTE: 20220427: Patch does not apply cleanly to LTS version, may be due to
this being the result
- NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some
investigation. (lamby)
+ NOTE: 20220427: Patch does not apply cleanly to LTS version, may be due to
this being the result
+ NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some
investigation. (lamby)
--
salt
--
@@ -156,9 +156,10 @@ snapd
--
sox
NOTE: 20220326: CVE-2019-13590 is fixed in git (Anton)
+ NOTE: 20220326: https://salsa.debian.org/lts-team/packages/sox
NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton)
--
-subversion
+subversion (Roberto C. Sánchez)
NOTE: 20220422: Upstream's patch for CVE-2021-28544 does not cleanly apply
(eg. "copyfrom_path = apr_pstrdup(...)" assignment)
NOTE: 20220422: and, once applied manually, appears to break multiple and
possibly unrelated parts of the testsuite. (lamby)
NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to
test it, mailed results to Roberto C. Sánchez (enrico)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5958df037181dbc5c6b0eb1a7243c919bdd75f2d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5958df037181dbc5c6b0eb1a7243c919bdd75f2d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
