Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 344ee89a by Moritz Muehlenhoff at 2022-11-25T19:57:06+01:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -82222,6 +82222,7 @@ CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can b - cfrpki 1.4.0-1 - fort-validator 1.5.3-1 - rpki-client 7.5-1 + [bullseye] - rpki-client <ignored> (Fixed versions need more recent libretls) NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt NOTE: https://github.com/NLnetLabs/routinator/pull/666 NOTE: https://github.com/NLnetLabs/routinator/pull/612 @@ -82232,6 +82233,7 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain - cfrpki <unfixed> [bullseye] - cfrpki <postponed> (Minor issue, revisit when fixed upstream) - rpki-client 7.5-1 + [bullseye] - rpki-client <ignored> (Fixed versions need more recent libretls) NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt NOTE: https://github.com/NLnetLabs/routinator/pull/665 CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the Ignition ...) @@ -82588,6 +82590,7 @@ CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for - cfrpki 1.4.0-1 - fort-validator 1.5.3-1 - rpki-client 7.5-1 + [bullseye] - rpki-client <ignored> (Fixed versions need more recent libretls) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244 CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...) {DSA-5041-1} ===================================== data/dsa-needed.txt ===================================== @@ -33,6 +33,8 @@ netatalk -- nodejs -- +mujs (jmm) +-- multipath-tools -- openexr @@ -47,9 +49,6 @@ pngcheck (jmm) -- rails -- -rpki-client - new 7.6 release required libretls, which isn't in Bullseye --- ruby-image-processing -- ruby-nokogiri View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/344ee89ac27454282223c7163eeaf21496bf9dab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/344ee89ac27454282223c7163eeaf21496bf9dab You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits