[Git][security-tracker-team/security-tracker][master] 2 commits: Claim firmware-nonfree in dla-needed.txt

Markus Koschany (@apo) Tue, 16 Nov 2021 14:23:50 -0800


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
851a329f by Markus Koschany at 2021-11-16T23:20:07+01:00
Claim firmware-nonfree in dla-needed.txt

- - - - -
83a5b72a by Markus Koschany at 2021-11-16T23:23:10+01:00
Reserve DLA-2819-1 for ntfs-3g

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8031,7 +8031,7 @@ CVE-2021-41655
 CVE-2021-41654
        RESERVED
 CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with 
firmware  ...)
-       NOT-FOR-US:  TP-Link
+       NOT-FOR-US: TP-Link
 CVE-2021-41652
        RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / 
Ahmed H ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Nov 2021] DLA-2819-1 ntfs-3g - security update
+       {CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 
CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 
CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 
CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 
CVE-2021-39262 CVE-2021-39263}
+       [stretch] - ntfs-3g 1:2016.2.22AR.1+dfsg-1+deb9u2
 [13 Nov 2021] DLA-2818-1 ffmpeg - security update
        {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 
CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 
CVE-2020-22049 CVE-2020-22054 CVE-2021-38171 CVE-2021-38291}
        [stretch] - ffmpeg 7:3.2.16-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -33,7 +33,7 @@ exiv2 (Thorsten Alteholz)
 firefox-esr (Emilio)
   NOTE: 20211116: blocked on toolchain backports (pochu)
 --
-firmware-nonfree
+firmware-nonfree (Markus Koschany)
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
@@ -70,9 +70,6 @@ linux-4.19 (Ben Hutchings)
 --
 mbedtls (Emilio)
 --
-ntfs-3g (Markus Koschany)
-  NOTE: 20211101: too many CVEs (gladk)
---
 nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3feeb3765955377f8b806786c42ce9fb1b49a89a...83a5b72a4d39814983d32011ce1bc24000d30def

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3feeb3765955377f8b806786c42ce9fb1b49a89a...83a5b72a4d39814983d32011ce1bc24000d30def
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Claim firmware-nonfree in dla-needed.txt

Reply via email to