Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2276290 by Sylvain Beucler at 2024-08-13T11:09:00+02:00
CVE-2022-27240,CVE-2023-49208/glewlwyd: reference introductory commit

- - - - -
de678a4c by Sylvain Beucler at 2024-08-13T11:09:00+02:00
dla: more packages to sync with bookworm pu; drop roundcube

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.prospective


Changes:

=====================================
data/CVE/list
=====================================
@@ -69533,8 +69533,9 @@ CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO 
server before 2.7.6 has a poss
        - glewlwyd 2.7.6+ds-1
        [bookworm] - glewlwyd 2.7.5-3+deb12u1
        [bullseye] - glewlwyd <no-dsa> (Minor issue)
-       [buster] - glewlwyd <not-affected> (Vulnerable code not present)
+       [buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812
 (v2.7.6)
+       NOTE: Introduced by: 
https://github.com/babelouest/glewlwyd/commit/13265133e8287f246f2feecb24449179d20c9f0e
 (v2.0.0b1)
 CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Pando ...)
        NOT-FOR-US: Pandora FMS
 CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
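Review bot: The added "Introduced by" NOTE for CVE-2023-49208 tags the commit as (v2.0.0b1), while the matching NOTE added for CVE-2022-27240 in the next hunk writes (v2.0.0-b1). Use one spelling, matching the upstream tag name, so that a search on the tag finds both entries. The [buster] line was already <not-affected>; only its reason text changes, which is consistent with the new NOTE.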
@@ -190252,8 +190253,9 @@ CVE-2022-1020 (The Product Table for WooCommerce 
(wooproducttable) WordPress plu
 CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has 
a buffer ...)
        - glewlwyd 2.6.1-2
        [bullseye] - glewlwyd <no-dsa> (Minor issue)
-       [buster] - glewlwyd <no-dsa> (Minor issue)
+       [buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a
 (v2.6.2)
+       NOTE: Introduced by: 
https://github.com/babelouest/glewlwyd/commit/e5007f6e102f1260a9562654c4e88f1c6de12c02
 (v2.0.0-b1)
 CVE-2022-29869 (cifs-utils through 6.14, with verbose logging, can cause an 
informatio ...)
        {DSA-5157-1 DLA-3009-1}
        - cifs-utils 2:6.14-1.1 (bug #1010818)
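Review bot: The [buster] line for CVE-2022-27240 moves from <no-dsa> (Minor issue) to <not-affected>, a change from "vulnerable but minor" to "not vulnerable", and the only evidence recorded is the introducing commit tagged v2.0.0-b1. Because that tag is a pre-release, a version comparison alone may not settle the question. It would help to confirm against the buster source that scheme/webauthn.c does not carry the code, and to say in the commit message that this was checked.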


=====================================
data/dla-needed.prospective
=====================================
@@ -32,6 +32,10 @@ NOTE: IMPORTANT: During 2024-07/08, make sure you do NOT 
conflict with
 NOTE: IMPORTANT: a prepared upload for bullseye's last point release, see:
 NOTE: IMPORTANT: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian....@packages.debian.org;tag=pu
 
+--
+amanda
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from buster DLA-3681-1 (3 CVEs) and bookworm 
12.4 (CVE-2023-30577) (Beuc/front-desk)
 --
 bind9
   NOTE: 20240729: Added by oldstable Security Team (carnil)
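Review bot: The amanda NOTE cites "buster DLA-3681-1 (3 CVEs)" without naming the CVEs, while the bookworm half of the same line names CVE-2023-30577. Listing the three ids would let whoever claims the package check the bullseye status of each one without opening the DLA first.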
@@ -107,6 +111,11 @@ glance (Thomas Goirand)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
   NOTE: 20240815: zigo prepared bullseye packages, cf. 
http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
 --
+glewlwyd
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (2 CVEs)
+  NOTE: 20240815: Consider fixing postponed CVEs (Beuc/front-desk)
+--
 gpac
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Considered for EOL
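Review bot: In the glewlwyd entry, "Consider fixing postponed CVEs" does not say which CVEs are meant. The two glewlwyd entries touched in data/CVE/list in this same push are marked <no-dsa> (Minor issue) for bullseye, not postponed, so the reference cannot be resolved from this change. Name the CVE ids on that line, and likewise for "(2 CVEs)" on the line above it.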
@@ -122,6 +131,11 @@ indent
   NOTE: 20240815: pu scheduled 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074142
   NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 
(Beuc/front-desk)
 --
+libxml2
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2022-2309) 
(low-priority)
+  NOTE: 20240815: Consider fixing CVE-2016-3709 (Beuc/front-desk)
+--
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
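Review bot: In the libxml2 entry, "(low-priority)" is attached to the CVE-2022-2309 line only, so it is unclear whether it describes that one fix or the whole entry, including CVE-2016-3709. If it is meant as the priority of the entry, put it on its own NOTE line.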
@@ -187,10 +201,6 @@ ring
   NOTE: 20230301: might make sense to rebase to current version (jmm)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
 --
-roundcube
-  NOTE: 20240805: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: Follow DSA-5743-1 (CVE-2024-42008,9,10) (Beuc/front-desk)
---
 ruby-httparty
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Follow fixes from DLA-3716-1 (CVE-2024-22049) 
(Beuc/front-desk)
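Review bot: The roundcube entry is removed with only "drop roundcube" in the commit message, although the removed lines describe an open task ("Follow DSA-5743-1"). State the reason for the removal in the commit message, so that someone reading the history later can tell whether the update was completed or the entry was tracked elsewhere.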



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eac65a69e3740fdd6a76d0378edaaa26a3bb0993...de678a4c0e66f4669c1851dc629346e412acf9f6
