Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:

92ad2370 by Markus Koschany at 2023-02-19T21:27:08+01:00
LTS: add freeradius to dla-needed.txt
- - - - -
7a305a92 by Markus Koschany at 2023-02-19T21:27:09+01:00
CVE-2023-25193,harfbuzz: Buster is no-dsa Minor issue
- - - - -
aa8f8b08 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add intel-microcode to dla-needed.txt
- - - - -
32e325e3 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add nss to dla-needed.txt
- - - - -
6e4df0b7 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-cryptography to dla-needed.txt
- - - - -
b7273199 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-django to dla-needed.txt
- - - - -
f00ec304 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-werkzeug to dla-needed.txt
- - - - -
bdad6aed by Markus Koschany at 2023-02-19T21:27:10+01:00
CVE-2022-4254,sssd: Mark Buster as no-dsa Minor issue
- - - - -
493b9372 by Markus Koschany at 2023-02-19T21:27:12+01:00
CVE-2022-4254,sssd: Remove superfluous Bullseye entry The issue was fixed in 2.3.1 and Bullseye has 2.4.1
- - - - -
45bb9012 by Markus Koschany at 2023-02-19T21:27:12+01:00
LTS: add amanda to dla-needed.txt
- - - - -
900565f6 by Markus Koschany at 2023-02-19T21:27:23+01:00
Claim nss in dla-needed.txt
- - - - -

2 changed files:

- data/CVE/list
- data/dla-needed.txt

Changes:

===================================== data/CVE/list ===================================== @@ -2565,6 +2565,7 @@ CVE-2015-10073 (A vulnerability, which was classified as problematic, was found CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...) - harfbuzz <unfixed> (bug #1030612) [bullseye] - harfbuzz <no-dsa> (Minor issue) + [buster] - harfbuzz <no-dsa> (Minor issue) NOTE: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 and classified a ...) NOT-FOR-US: Gimmie 
@@ -18036,7 +18037,7 @@ CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE fr - gitlab <not-affected> (Specific to EE) CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ...) - sssd 2.3.1-1 - [bullseye] - sssd <no-dsa> (Minor issue) + [buster] - sssd <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894 NOTE: https://github.com/SSSD/sssd/issues/5135 NOTE: https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274 ===================================== data/dla-needed.txt ===================================== @@ -18,6 +18,11 @@ rather than remove/replace existing ones. NOTE: 20221231: Few users. Low prio. (opal). NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git -- +amanda + NOTE: 20230219: Programming language: C. + NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/amanda.git + NOTE: 20230219: Special attention: Privilege escalation. +-- apache2 (Lee Garrett) NOTE: 20221227: Programming language: C. NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git @@ -57,6 +62,10 @@ firmware-nonfree NOTE: 20221211: Programming language: Binary blob NOTE: 20221211: VCS: https://salsa.debian.org/lts-team/packages/firmware-nonfree.git -- +freeradius + NOTE: 20230219: Programming language: C. + NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/freeradius.git +-- fusiondirectory NOTE: 20221203: Programming language: PHP. NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk). 
@@ -103,6 +112,10 @@ imagemagick (Roberto C. Sánchez) NOTE: 20220904: Should be synced with Stretch. (apo) NOTE: 20221212: Integrated patches for 31 CVEs so far and continuing to work. (roberto) -- +intel-microcode + NOTE: 20230219: Programming language: Binary blob. + NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/intel-microcode.git +-- kopanocore NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) (gusnan/retired) @@ -174,6 +187,10 @@ nodejs NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster. NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html -- +nss (Markus Koschany) + NOTE: 20230219: Programming language: C. + NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/nss.git +-- nvidia-graphics-drivers NOTE: 20221225: Programming language: binary blob. NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk) 
@@ -216,10 +233,23 @@ puppet-module-puppetlabs-mysql NOTE: 20221107: Programming language: Puppet, Ruby. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/puppet-module-puppetlabs-mysql.git -- +python-cryptography + NOTE: 20230219: Programming language: Python. + NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/python-cryptography.git +-- +python-django + NOTE: 20230219: Programming language: Python. + NOTE: 20230219: VCS: https://salsa.debian.org/python-team/packages/python-django + NOTE: 20230219: Special attention: Chris Lamb is the maintainer. +-- python-oslo.privsep NOTE: 20221231: Programming language: Python. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git -- +python-werkzeug + NOTE: 20230219: Programming language: Python. + NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/python-werkzeug.git +-- qemu NOTE: 20221108: Programming language: C. NOTE: 20221108: I updated the status of all opened (minor) CVEs to more clearly state whether we can fix or are waiting for a patch, View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/213baf8d1f9ad63cbb3f35165afe73e046c33918...900565f6d1ee995b7b3dadb93769bd5cbf112254
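Review bot: the `[buster] - sssd <no-dsa> (Minor issue)` line added in the CVE-2022-4254 hunk of data/CVE/list (@@ -18036,7 +18037,7 @@) gives no rationale beyond "Minor issue", although the entry describes libsss_certmap failing to sanitise certificate data used in LDAP filters. Consider adding a NOTE line under the entry that says why this is minor for Buster, so the triage decision can be revisited later without rereading the linked upstream issue. Dropping the `[bullseye]` line is consistent with the fixed version `sssd 2.3.1-1` shown directly above it.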
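Review bot: in the data/dla-needed.txt hunk at @@ -216,10 +233,23 @@, the python-django VCS line points at `https://salsa.debian.org/python-team/packages/python-django`, with a different namespace and no `.git` suffix, while python-cryptography and python-werkzeug in the same hunk use `lts-team/packages/<name>.git`. If working in the maintainer's repository is intended, which the "Special attention: Chris Lamb is the maintainer." line suggests, state that in the note so whoever claims the package knows where to push; otherwise align the URL with the other entries.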
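Review bot: the amanda entry added in the data/dla-needed.txt hunk at @@ -18,6 +18,11 @@ says "Special attention: Privilege escalation." without naming the CVE id(s) it refers to. Adding the identifiers to that NOTE line would let the person claiming the package find the relevant data/CVE/list entries directly and judge priority from this file alone.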