Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: d3c76c38 by Anton Gladky at 2021-10-26T23:32:46+02:00 LTS: ignored -> not-affected for CVE-2021-34432 - - - - - f61b955a by Anton Gladky at 2021-10-26T23:32:46+02:00 Reserve DLA-2793-1 for mosquitto - - - - - b5b16186 by Anton Gladky at 2021-10-26T23:33:04+02:00 Reserve DLA-2794-1 for mosquitto - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -21413,8 +21413,8 @@ CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3. NOT-FOR-US: Eclipse Californium CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...) - mosquitto 2.0.8-1 - [buster] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x) - [stretch] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x) + [buster] - mosquitto <not-affected> (Vulnerable code is not accessible in version 1.x) + [stretch] - mosquitto <not-affected> (Vulnerable code is not accessible in version 1.x) NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,9 @@ +[26 Oct 2021] DLA-2794-1 mosquitto - security update + {CVE-2017-7655} + [stretch] - mosquitto 1.4.10-3+deb9u5 +[26 Oct 2021] DLA-2793-1 mosquitto - security update + {CVE-2017-7655} + [stretch] - mosquitto 1.4.10-3+deb9u5 [24 Oct 2021] DLA-2792-1 faad2 - security update {CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278} [stretch] - faad2 2.8.0~cvs20161113-1+deb9u3 ===================================== data/dla-needed.txt ===================================== @@ -55,10 +55,6 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -mosquitto (Anton Gladky) - NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) - NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) --- ntfs-3g (Anton Gladky) -- nvidia-graphics-drivers View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad7f7810b0440e42060e6a30b108893f248bf468...b5b1618632bb2ba6e106323de5ce2722ef0ef4c9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad7f7810b0440e42060e6a30b108893f248bf468...b5b1618632bb2ba6e106323de5ce2722ef0ef4c9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits