Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1c336754 by Markus Koschany at 2024-04-06T07:39:03+02:00 Claim knot-resolver and wordpress in dla-needed.txt - - - - - c9dfd707 by Markus Koschany at 2024-04-06T07:39:56+02:00 Claim jetty9 in dsa-needed.txt - - - - - aa44a82e by Markus Koschany at 2024-04-06T07:49:26+02:00 CVE-2024-21733,tomcat9: buster is postponed Minor issue. Tests fail. Needs more investigation but is not critical. - - - - - 3 changed files: - data/CVE/list - data/dla-needed.txt - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -19167,6 +19167,7 @@ CVE-2023-28743 (Improper input validation for some Intel NUC BIOS firmware befor CVE-2024-21733 (Generation of Error Message Containing Sensitive Information vulnerabi ...) - tomcat9 9.0.53-1 [bullseye] - tomcat9 <postponed> (Minor issue, fix along in next update) + [buster] - tomcat9 <postponed> (Minor issue, fix along in next update) NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2 NOTE: https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a (9.0.44) CVE-2024-23387 (FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability ...) ===================================== data/dla-needed.txt ===================================== @@ -114,7 +114,7 @@ jenkins-htmlunit-core-js jetty9 (Markus Koschany) NOTE: 20240303: Added by Front-Desk (apo) -- -knot-resolver +knot-resolver (Markus Koschany) NOTE: 20231029: Added by Front-Desk (gladk) NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk) NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs has been fixed in bullseye. (ola) @@ -301,7 +301,7 @@ varnish NOTE: 20240122: Still fixing tests (abhijith) NOTE: 20240213: Fixing tests.(abhijith) -- -wordpress +wordpress (Markus Koschany) NOTE: 20240314: Added by coordinator (roberto) NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and NOTE: 20240314: bookwork. Uploads to spu and ospu should be coordinated. (roberto) ===================================== data/dsa-needed.txt ===================================== @@ -31,7 +31,7 @@ gpac/oldstable -- h2o (jmm) -- -jetty9 +jetty9 (apo) -- libreswan (jmm) Maintainer prepared bookworm-security update, but needs work on bullseye-security backports View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/80daa719eb36088138336e3dde00f0092652b90e...aa44a82e33686e44233c73cf7cdb6f0da3e0bf53 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/80daa719eb36088138336e3dde00f0092652b90e...aa44a82e33686e44233c73cf7cdb6f0da3e0bf53 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits