Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker
Commits: f2f77ff7 by Lee Garrett at 2023-03-03T15:45:45+01:00 Reserve DLA-3351-1 for apache2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -132879,7 +132879,6 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...) - apache2 2.4.48-4 [bullseye] - apache2 2.4.48-3.1+deb11u1 - [buster] - apache2 <postponed> (Fix along with next DLA) [stretch] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.25) NOTE: https://portswigger.net/research/http2 NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c (2.4.49) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[03 Mar 2023] DLA-3351-1 apache2 - security update + {CVE-2006-20001 CVE-2019-0215 CVE-2020-1927 CVE-2021-33193 CVE-2022-36760 CVE-2022-37436} + [buster] - apache2 2.4.38-3+deb10u9 [03 Mar 2023] DLA-3350-1 node-css-what - security update {CVE-2021-33587 CVE-2022-21222} [buster] - node-css-what 2.1.0-1+deb10u1 ===================================== data/dla-needed.txt ===================================== 
@@ -18,12 +18,6 @@ rather than remove/replace existing ones. NOTE: 20221231: Few users. Low prio. (opal). NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git -- -apache2 (Lee Garrett) - NOTE: 20221227: Programming language: C. - NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git - NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!. - NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee) --- ceph NOTE: 20221031: Programming language: C++. NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2
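Review bot: In the data/DLA/list hunk, the new DLA-3351-1 entry lists six CVEs, but the data/CVE/list hunk in this commit only drops a buster line for CVE-2021-33193. Please confirm that the entries for CVE-2006-20001, CVE-2019-0215, CVE-2020-1927, CVE-2022-36760 and CVE-2022-37436 carry no leftover `[buster] - apache2 <postponed>` or similar tag that would disagree with the fixed version 2.4.38-3+deb10u9 recorded here.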
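Review bot: In the data/dla-needed.txt hunk, deleting the apache2 block also deletes the 20230222 note that CVE-2019-17567 requires a 1000+ LoC patch and is too intrusive, and that CVE is not among the six listed for DLA-3351-1. Nothing visible in this commit keeps that rationale, so consider recording it on the CVE-2019-17567 entry in data/CVE/list (a buster line with the reason) so the unfixed issue stays explained once apache2 leaves dla-needed.txt.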