Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92ad2370 by Markus Koschany at 2023-02-19T21:27:08+01:00
LTS: add freeradius to dla-needed.txt

- - - - -
7a305a92 by Markus Koschany at 2023-02-19T21:27:09+01:00
CVE-2023-25193,harfbuzz: Buster is no-dsa

Minor issue

- - - - -
aa8f8b08 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add intel-microcode to dla-needed.txt

- - - - -
32e325e3 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add nss to dla-needed.txt

- - - - -
6e4df0b7 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-cryptography to dla-needed.txt

- - - - -
b7273199 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-django to dla-needed.txt

- - - - -
f00ec304 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-werkzeug to dla-needed.txt

- - - - -
bdad6aed by Markus Koschany at 2023-02-19T21:27:10+01:00
CVE-2022-4254,sssd: Mark Buster as no-dsa

Minor issue

- - - - -
493b9372 by Markus Koschany at 2023-02-19T21:27:12+01:00
CVE-2022-4254,sssd: Remove superfluous Bullseye entry

The issue was fixed in 2.3.1 and Bullseye has 2.4.1

- - - - -
45bb9012 by Markus Koschany at 2023-02-19T21:27:12+01:00
LTS: add amanda to dla-needed.txt

- - - - -
900565f6 by Markus Koschany at 2023-02-19T21:27:23+01:00
Claim nss in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2565,6 +2565,7 @@ CVE-2015-10073 (A vulnerability, which was classified as 
problematic, was found
 CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows 
attackers to ...)
        - harfbuzz <unfixed> (bug #1030612)
        [bullseye] - harfbuzz <no-dsa> (Minor issue)
+       [buster] - harfbuzz <no-dsa> (Minor issue)
        NOTE: 
https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
 CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 and 
classified a ...)
        NOT-FOR-US: Gimmie
@@ -18036,7 +18037,7 @@ CVE-2022-4255 (An info leak issue was identified in all 
versions of GitLab EE fr
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in 
LDAP f ...)
        - sssd 2.3.1-1
-       [bullseye] - sssd <no-dsa> (Minor issue)
+       [buster] - sssd <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
        NOTE: https://github.com/SSSD/sssd/issues/5135
        NOTE: 
https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
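
Review bot: The added "[buster] - sssd <no-dsa> (Minor issue)" line gives only the generic reason "Minor issue", while the CVE summary above it describes certificate data that is not sanitised before use. A short, specific reason in the parentheses would make this triage decision easier to revisit later. Dropping the [bullseye] line is consistent with the fixed version "2.3.1-1" recorded directly above it.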


=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,11 @@ rather than remove/replace existing ones.
   NOTE: 20221231: Few users. Low prio. (opal).
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/389-ds-base.git
 --
+amanda
+  NOTE: 20230219: Programming language: C.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/amanda.git
+  NOTE: 20230219: Special attention: Privilege escalation.
+--
 apache2 (Lee Garrett)
   NOTE: 20221227: Programming language: C.
   NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
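
Review bot: The new amanda entry's "Special attention: Privilege escalation." note does not say which CVE(s) it refers to. Adding the CVE id(s) to that NOTE line would let whoever claims the package go straight to the matching entries in data/CVE/list.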
@@ -57,6 +62,10 @@ firmware-nonfree
   NOTE: 20221211: Programming language: Binary blob
   NOTE: 20221211: VCS: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree.git
 --
+freeradius
+  NOTE: 20230219: Programming language: C.
+  NOTE: 20230219: VCS: 
https://salsa.debian.org/lts-team/packages/freeradius.git
+--
 fusiondirectory
   NOTE: 20221203: Programming language: PHP.
   NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).
@@ -103,6 +112,10 @@ imagemagick (Roberto C. Sánchez)
   NOTE: 20220904: Should be synced with Stretch. (apo)
   NOTE: 20221212: Integrated patches for 31 CVEs so far and continuing to 
work. (roberto)
 --
+intel-microcode
+  NOTE: 20230219: Programming language: Binary blob.
+  NOTE: 20230219: VCS: 
https://salsa.debian.org/lts-team/packages/intel-microcode.git
+--
 kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) 
(gusnan/retired)
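
Review bot: "Programming language: Binary blob." on the new intel-microcode entry ends with a full stop, while the existing firmware-nonfree entry in this file writes "Binary blob" without one. Using one spelling for this field keeps it easy to grep.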
@@ -174,6 +187,10 @@ nodejs
   NOTE: 20221105: Source code not checked. It may be so that the vulnerability 
is not present in buster.
   NOTE: 20221209: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
 --
+nss (Markus Koschany)
+  NOTE: 20230219: Programming language: C.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/nss.git
+--
 nvidia-graphics-drivers
   NOTE: 20221225: Programming language: binary blob.
   NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)
@@ -216,10 +233,23 @@ puppet-module-puppetlabs-mysql
   NOTE: 20221107: Programming language: Puppet, Ruby.
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/puppet-module-puppetlabs-mysql.git
 --
+python-cryptography
+  NOTE: 20230219: Programming language: Python.
+  NOTE: 20230219: VCS: 
https://salsa.debian.org/lts-team/packages/python-cryptography.git
+--
+python-django
+  NOTE: 20230219: Programming language: Python.
+  NOTE: 20230219: VCS: 
https://salsa.debian.org/python-team/packages/python-django
+  NOTE: 20230219: Special attention: Chris Lamb is the maintainer.
+--
 python-oslo.privsep
   NOTE: 20221231: Programming language: Python.
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
 --
+python-werkzeug
+  NOTE: 20230219: Programming language: Python.
+  NOTE: 20230219: VCS: 
https://salsa.debian.org/lts-team/packages/python-werkzeug.git
+--
 qemu
   NOTE: 20221108: Programming language: C.
   NOTE: 20221108: I updated the status of all opened (minor) CVEs to more 
clearly state whether we can fix or are waiting for a patch,
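
Review bot: The python-django VCS line points at "python-team/packages/python-django" with no ".git" suffix, whereas the python-cryptography and python-werkzeug entries added in the same hunk use "lts-team/packages/<name>.git". If the python-team repository is intended because of the "Chris Lamb is the maintainer" note, say so in that NOTE and add the ".git" suffix so the URL format matches its neighbours.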



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/213baf8d1f9ad63cbb3f35165afe73e046c33918...900565f6d1ee995b7b3dadb93769bd5cbf112254
