Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c336754 by Markus Koschany at 2024-04-06T07:39:03+02:00
Claim knot-resolver and wordpress in dla-needed.txt

- - - - -
c9dfd707 by Markus Koschany at 2024-04-06T07:39:56+02:00
Claim jetty9 in dsa-needed.txt

- - - - -
aa44a82e by Markus Koschany at 2024-04-06T07:49:26+02:00
CVE-2024-21733,tomcat9: buster is postponed

Minor issue. Tests fail. Needs more investigation but is not critical.

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19167,6 +19167,7 @@ CVE-2023-28743 (Improper input validation for some 
Intel NUC BIOS firmware befor
 CVE-2024-21733 (Generation of Error Message Containing Sensitive Information 
vulnerabi ...)
        - tomcat9 9.0.53-1
        [bullseye] - tomcat9 <postponed> (Minor issue, fix along in next update)
+       [buster] - tomcat9 <postponed> (Minor issue, fix along in next update)
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2
        NOTE: 
https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a
 (9.0.44)
 CVE-2024-23387 (FusionPBX prior to 5.1.0 contains a cross-site scripting 
vulnerability ...)
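
Review bot: the reason on the added [buster] line, "(Minor issue, fix along in next update)", is copied from the [bullseye] entry and drops what the commit message gives as the buster-specific blocker ("Tests fail. Needs more investigation"). Suggest recording that in the entry itself, for example as an extra NOTE under CVE-2024-21733 saying that tests fail on buster and the cause is still open, so whoever prepares the next tomcat9 update does not assume the fix can simply be folded in as on bullseye.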


=====================================
data/dla-needed.txt
=====================================
@@ -114,7 +114,7 @@ jenkins-htmlunit-core-js
 jetty9 (Markus Koschany)
   NOTE: 20240303: Added by Front-Desk (apo)
 --
-knot-resolver
+knot-resolver (Markus Koschany)
   NOTE: 20231029: Added by Front-Desk (gladk)
   NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
   NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs 
has been fixed in bullseye. (ola)
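
Review bot: the claim on knot-resolver adds no dated NOTE, so the newest state recorded for the entry is still the 20240310 drop and the 20240311 revert. Suggest adding a dated NOTE with the claim that says which of the four CVEs fixed in bullseye are being targeted, so the entry does not read as stalled at the revert.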
@@ -301,7 +301,7 @@ varnish
   NOTE: 20240122: Still fixing tests (abhijith)
   NOTE: 20240213: Fixing tests.(abhijith)
 --
-wordpress
+wordpress (Markus Koschany)
   NOTE: 20240314: Added by coordinator (roberto)
   NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in 
bullseye and
   NOTE: 20240314: bookwork. Uploads to spu and ospu should be coordinated. 
(roberto)
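
Review bot: the 20240314 NOTE in the context lines of the wordpress entry reads "bookwork", which looks like a typo for "bookworm"; since this entry is being edited anyway, it could be corrected in the same change. The same NOTE asks for uploads to spu and ospu to be coordinated, so a dated NOTE from the claimant stating whether that coordination is covered by this claim would make the entry clearer.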


=====================================
data/dsa-needed.txt
=====================================
@@ -31,7 +31,7 @@ gpac/oldstable
 --
 h2o (jmm)
 --
-jetty9
+jetty9 (apo)
 --
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on 
bullseye-security backports
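
Review bot: the jetty9 claim carries no note on which suites the update will cover, unlike the libreswan entry below it, which names both bookworm-security and bullseye-security. Suggest a one-line note under "jetty9 (apo)" stating the intended scope. The short handle "(apo)" matches "(jmm)" in this file, but the claims made in data/dla-needed.txt in the same push use the full name "(Markus Koschany)", which is worth keeping in mind when searching for claims across both files.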



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/80daa719eb36088138336e3dde00f0092652b90e...aa44a82e33686e44233c73cf7cdb6f0da3e0bf53
