Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9be54e8 by Markus Koschany at 2022-02-04T15:12:56+01:00
Reclaim firmware-nonfree in dla-needed.txt

- - - - -
9e0de800 by Markus Koschany at 2022-02-04T15:13:27+01:00
Remove minetest from dla-needed.txt again

Games are not supported

- - - - -
f7a81994 by Markus Koschany at 2022-02-04T15:14:51+01:00
CVE-2022-24300,CVE-2022-24301,minetest: Mark as end-of-life

- - - - -
3787efe8 by Markus Koschany at 2022-02-04T15:15:33+01:00
Remove guacamole-client from dla-needed.txt

- - - - -
3af7f763 by Markus Koschany at 2022-02-04T15:17:43+01:00
CVE-2021-41767,guacamole-client: end-of-life

See https://lists.debian.org/debian-lts/2022/01/msg00015.html

- - - - -

2 changed files:

- data/CVE/list
- data/dla-needed.txt

Changes:

===================================== data/CVE/list ===================================== @@ -2230,6 +2230,7 @@ CVE-2021-4209 RESERVED CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrary meta ...) - minetest 5.4.1+repack-1 (bug #1004223) + [stretch] - minetest <end-of-life> (games are not supported in LTS) NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0) NOTE: When fixing this issue the fix for GHSA-7q63-4fq2-hqcr should be included, 
@@ -2238,6 +2239,7 @@ CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrar NOTE: https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0) CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from a dif ...) - minetest 5.4.1+repack-1 + [stretch] - minetest <end-of-life> (games are not supported in LTS) NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-fvwv-qcq6-wmp5 NOTE: Fixed by: https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131 (5.4.0) CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through ...) @@ -23269,6 +23271,7 @@ CVE-2021-41768 RESERVED CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...) - guacamole-client <unfixed> + [stretch] - guacamole-client <end-of-life> (unmaintained stretch-only package) NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6 CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...) NOT-FOR-US: openwhyd ===================================== data/dla-needed.txt ===================================== @@ -31,7 +31,7 @@ debian-archive-keyring NOTE: 20211018: Jonathan is prepping the branch; will work NOTE: 20211018: with him and upload and publish the DLA. (utkarsh) -- -firmware-nonfree +firmware-nonfree (Markus Koschany) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. 
@@ -48,9 +48,6 @@ gpac (Roberto C. Sánchez) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) -- -guacamole-client (Markus Koschany) - NOTE: 20220114: package unmaintained AFAICS and only present in stretch (Beuc) --- libarchive (Thorsten Alteholz) NOTE: 20220116: waiting for upload in higher releases NOTE: 20220130: new CVEs arrived @@ -62,9 +59,6 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -minetest - NOTE: 20220203: a DSA is planned (Beuc) --- nvidia-graphics-drivers NOTE: 20220203: package is in non-free but also in packages-to-support (Beuc) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/199dc479a6ad00b91b9fde09bed767a5c4b8fdfe...3af7f7635798aefdf9881f985862badd54082931
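Review bot: In the data/CVE/list hunk for CVE-2021-41767, the reason for the guacamole-client <end-of-life> tag is documented only in the commit message, which links the debian-lts thread; the entry itself carries just "(unmaintained stretch-only package)". Consider adding a NOTE line with that list URL under the [stretch] line, so the decision can be traced from the tracker data without going back to the commit log.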
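Review bot: In the data/dla-needed.txt hunk at -31,7, firmware-nonfree is reclaimed without a new dated NOTE. The last note visible in the hunk context is "NOTE: 20211207: Intend to release this week.", roughly two months before this commit. Consider adding a NOTE dated 20220204 under the claim line that states the current status, so other LTS contributors can tell whether the earlier release plan still applies.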
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits