[Git][security-tracker-team/security-tracker][master] Reserve DLA-3351-1 for apache2

Fri, 03 Mar 2023 06:46:18 -0800 


Lee Garrett pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2f77ff7 by Lee Garrett at 2023-03-03T15:45:45+01:00
Reserve DLA-3351-1 for apache2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -132879,7 +132879,6 @@ CVE-2021-33194 (golang.org/x/net before 
v0.0.0-20210520170846-37e1c6afe023 allow
 CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation 
and be for ...)
        - apache2 2.4.48-4
        [bullseye] - apache2 2.4.48-3.1+deb11u1
-       [buster] - apache2 <postponed> (Fix along with next DLA)
        [stretch] - apache2 <postponed> (Revisit when a suitable backport is 
available for 2.4.25)
        NOTE: https://portswigger.net/research/http2
        NOTE: 
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c 
(2.4.49)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Mar 2023] DLA-3351-1 apache2 - security update
+       {CVE-2006-20001 CVE-2019-0215 CVE-2020-1927 CVE-2021-33193 
CVE-2022-36760 CVE-2022-37436}
+       [buster] - apache2 2.4.38-3+deb10u9
 [03 Mar 2023] DLA-3350-1 node-css-what - security update
        {CVE-2021-33587 CVE-2022-21222}
        [buster] - node-css-what 2.1.0-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -18,12 +18,6 @@ rather than remove/replace existing ones.
   NOTE: 20221231: Few users. Low prio. (opal).
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/389-ds-base.git
 --
-apache2 (Lee Garrett)
-  NOTE: 20221227: Programming language: C.
-  NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
-  NOTE: 20221227: Special attention: Double check an update! Package is used 
by many customers and users!.
-  NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)
---
 ceph
   NOTE: 20221031: Programming language: C++.
   NOTE: 20221031: To be checked further. Not clear whether the vulnerability 
can be exploited in a Debian system.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to