Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6add35c4 by Markus Koschany at 2023-02-22T00:14:42+01:00
Claim asterisk in dla-needed.txt

- - - - -
f31bc65e by Markus Koschany at 2023-02-22T00:14:58+01:00
Remove tiff from dla-needed.txt because all CVE have been fixed.

- - - - -
10c7f963 by Markus Koschany at 2023-02-22T00:15:24+01:00
Remove snakeyaml from dla-needed.txt

- - - - -
aaeebf94 by Markus Koschany at 2023-02-22T00:18:08+01:00
Remove nextcloud-desktop from dla-needed.txt and triage

the currently open issues as no-dsa because they are minor.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6496,6 +6496,7 @@ CVE-2023-23943 (Nextcloud mail is an email app for the 
nextcloud home server pla
 CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files 
from a Nex ...)
        - nextcloud-desktop 3.6.4-1
        [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+       [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg
        NOTE: https://github.com/nextcloud/desktop/pull/5233
        NOTE: https://github.com/nextcloud/desktop/pull/5240
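Review bot: the added `[buster] - nextcloud-desktop <no-dsa> (Minor issue)` line for CVE-2023-23942 repeats the bullseye triage word for word, and nothing in the entry records that the buster version actually contains the affected code. Since `<no-dsa>` marks buster as affected, it would help to add a short NOTE stating how that was checked against the referenced pull requests (5233, 5240), or to use `<not-affected>` with a reason if the vulnerable code turns out to be absent there.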
@@ -33933,6 +33934,7 @@ CVE-2022-41883 (TensorFlow is an open source platform 
for machine learning. When
 CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
        - nextcloud-desktop 3.6.1-1
        [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+       [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
        NOTE: https://github.com/nextcloud/desktop/pull/5039
        NOTE: https://github.com/nextcloud/server/pull/34559
@@ -40308,24 +40310,28 @@ CVE-2022-39335
 CVE-2022-39334 (Nextcloud desktop is the desktop sync client for Nextcloud. 
Versions p ...)
        - nextcloud-desktop 3.6.1-1
        [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+       [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
        NOTE: https://github.com/nextcloud/desktop/issues/4927
        NOTE: https://github.com/nextcloud/desktop/pull/5022
 CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An 
attacker ...)
        - nextcloud-desktop 3.6.1-1
        [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+       [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
        NOTE: https://github.com/nextcloud/desktop/pull/4972
        NOTE: https://hackerone.com/reports/1711847
 CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An 
attacker ...)
        - nextcloud-desktop 3.6.1-1
        [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+       [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
        NOTE: https://github.com/nextcloud/desktop/pull/4972
        NOTE: https://hackerone.com/reports/1668028
 CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An 
attacker ...)
        - nextcloud-desktop 3.6.1-1
        [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
+       [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
        NOTE: https://github.com/nextcloud/desktop/pull/4944
        NOTE: https://hackerone.com/reports/1668028
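Review bot: all five buster lines added in this hunk (CVE-2022-39334 through CVE-2022-39331) carry the same generic reason, `(Minor issue)`, so the entries do not say whether these are meant to be fixed with a later upload or left alone. If the intent is to pick them up with the next nextcloud-desktop update in buster, `<postponed>` with a reason to that effect states it more precisely than `<no-dsa>`; if not, a one-line reason per CVE would make the triage easier to revisit.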


=====================================
data/dla-needed.txt
=====================================
@@ -23,7 +23,7 @@ apache2 (Lee Garrett)
   NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
   NOTE: 20221227: Special attention: Double check an update! Package is used 
by many customers and users!.
 --
-asterisk
+asterisk (Markus Koschany)
   NOTE: 20221211: Programming language: C.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/asterisk.git
 --
@@ -154,11 +154,6 @@ netatalk
   NOTE: 20221212: VCS: https://salsa.debian.org/lts-team/packages/netatalk
   NOTE: 20221212: Work is ongoing. CVE-2022-0194 is probably too intrusive. 
(gladk)
 --
-nextcloud-desktop
-  NOTE: 20221128: Programming language: C++.
-  NOTE: 20221128: VCS: https://salsa.debian.org/owncloud-team/nextcloud-desktop
-  NOTE: 20221128: Please coordinate with maintainer the usage of their 
git-repo (gladk).
---
 nheko
   NOTE: 20230101: Programming language: C++.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/nheko.git
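Review bot: the removal of the `nextcloud-desktop` entry relies on the data/CVE/list part of this push having triaged every open buster issue, but the diff only shows the seven CVEs that were touched. Please confirm that no other nextcloud-desktop CVE is still open for buster, otherwise the package is likely to be proposed for dla-needed.txt again. The removed coordination note (`Please coordinate with maintainer the usage of their git-repo`) is also lost with the entry, so it may be worth keeping somewhere it can be found if the package comes back.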
@@ -317,12 +312,6 @@ samba
   NOTE: 20220904: Special attention: High popcon! Used in many servers.
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
 --
-snakeyaml
-  NOTE: 20230101: Programming language: Java.
-  NOTE: 20230120: There is ongoing upstream discussion at
-  NOTE: 20230120: 
https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/snakeyaml.git
---
 sofia-sip (Adrian Bunk)
   NOTE: 20230220: Programming language: C.
   NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/sofia-sip.git
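Review bot: the `snakeyaml` entry is dropped without a stated reason. The commit message is only "Remove snakeyaml from dla-needed.txt", while the removed NOTE lines point to an ongoing upstream discussion about CVE-2022-1471, and this push contains no matching change for snakeyaml in data/CVE/list. Please give the rationale in the commit message, as the tiff and nextcloud-desktop commits do, and record the buster status for CVE-2022-1471 in data/CVE/list so the decision is visible in the tracker.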
@@ -336,11 +325,6 @@ sssd
   NOTE: 20230131: Programming language: C.
   NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
 --
-tiff
-  NOTE: 20230222: Programming language: C.
-  NOTE: 20230222: VCS: https://salsa.debian.org/lts-team/packages/tiff.git
-  NOTE: 20230222: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/tiff.html
---
 tinymce
   NOTE: 20221227: Programming language: PHP.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb5bbbd68fe2dd5015e6ccd884cddf71eb98061a...aaeebf94508e7fc456cc63c18531087710858f81
