Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6add35c4 by Markus Koschany at 2023-02-22T00:14:42+01:00 Claim asterisk in dla-needed.txt - - - - - f31bc65e by Markus Koschany at 2023-02-22T00:14:58+01:00 Remove tiff from dla-needed.txt because all CVE have been fixed. - - - - - 10c7f963 by Markus Koschany at 2023-02-22T00:15:24+01:00 Remove snakeyaml from dla-needed.txt - - - - - aaeebf94 by Markus Koschany at 2023-02-22T00:18:08+01:00 Remove nextcloud-desktop from dla-needed.txt and triage the currently open issues as no-dsa because they are minor. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -6496,6 +6496,7 @@ CVE-2023-23943 (Nextcloud mail is an email app for the nextcloud home server pla CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files from a Nex ...) - nextcloud-desktop 3.6.4-1 [bullseye] - nextcloud-desktop <no-dsa> (Minor issue) + [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg NOTE: https://github.com/nextcloud/desktop/pull/5233 NOTE: https://github.com/nextcloud/desktop/pull/5240 @@ -33933,6 +33934,7 @@ CVE-2022-41883 (TensorFlow is an open source platform for machine learning. When CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) - nextcloud-desktop 3.6.1-1 [bullseye] - nextcloud-desktop <no-dsa> (Minor issue) + [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63 NOTE: https://github.com/nextcloud/desktop/pull/5039 NOTE: https://github.com/nextcloud/server/pull/34559 
@@ -40308,24 +40310,28 @@ CVE-2022-39335 CVE-2022-39334 (Nextcloud desktop is the desktop sync client for Nextcloud. Versions p ...) - nextcloud-desktop 3.6.1-1 [bullseye] - nextcloud-desktop <no-dsa> (Minor issue) + [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv NOTE: https://github.com/nextcloud/desktop/issues/4927 NOTE: https://github.com/nextcloud/desktop/pull/5022 CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) - nextcloud-desktop 3.6.1-1 [bullseye] - nextcloud-desktop <no-dsa> (Minor issue) + [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8 NOTE: https://github.com/nextcloud/desktop/pull/4972 NOTE: https://hackerone.com/reports/1711847 CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) - nextcloud-desktop 3.6.1-1 [bullseye] - nextcloud-desktop <no-dsa> (Minor issue) + [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p NOTE: https://github.com/nextcloud/desktop/pull/4972 NOTE: https://hackerone.com/reports/1668028 CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) - nextcloud-desktop 3.6.1-1 [bullseye] - nextcloud-desktop <no-dsa> (Minor issue) + [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5 NOTE: https://github.com/nextcloud/desktop/pull/4944 NOTE: https://hackerone.com/reports/1668028 ===================================== data/dla-needed.txt ===================================== 
@@ -23,7 +23,7 @@ apache2 (Lee Garrett) NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!. -- -asterisk +asterisk (Markus Koschany) NOTE: 20221211: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/asterisk.git -- @@ -154,11 +154,6 @@ netatalk NOTE: 20221212: VCS: https://salsa.debian.org/lts-team/packages/netatalk NOTE: 20221212: Work is ongoing. CVE-2022-0194 is probably too intrusive. (gladk) -- -nextcloud-desktop - NOTE: 20221128: Programming language: C++. - NOTE: 20221128: VCS: https://salsa.debian.org/owncloud-team/nextcloud-desktop - NOTE: 20221128: Please coordinate with maintainer the usage of their git-repo (gladk). --- nheko NOTE: 20230101: Programming language: C++. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/nheko.git @@ -317,12 +312,6 @@ samba NOTE: 20220904: Special attention: High popcon! Used in many servers. NOTE: 20220904: Many postponed or open CVE in general. (apo) -- -snakeyaml - NOTE: 20230101: Programming language: Java. - NOTE: 20230120: There is ongoing upstream discussion at - NOTE: 20230120: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 - NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/snakeyaml.git --- sofia-sip (Adrian Bunk) NOTE: 20230220: Programming language: C. NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/sofia-sip.git 
@@ -336,11 +325,6 @@ sssd NOTE: 20230131: Programming language: C. NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git -- -tiff - NOTE: 20230222: Programming language: C. - NOTE: 20230222: VCS: https://salsa.debian.org/lts-team/packages/tiff.git - NOTE: 20230222: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/tiff.html --- tinymce NOTE: 20221227: Programming language: PHP. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb5bbbd68fe2dd5015e6ccd884cddf71eb98061a...aaeebf94508e7fc456cc63c18531087710858f81
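Review bot: the seven added `[buster] - nextcloud-desktop <no-dsa> (Minor issue)` lines in the data/CVE/list hunks (CVE-2023-23942, CVE-2022-41882 and CVE-2022-39331 through CVE-2022-39334) repeat the bullseye line above them word for word, so the entries do not record that the buster package was assessed separately. Where the reasoning differs per issue, a short NOTE under the CVE or a more specific reason in the parentheses would make the triage easier to audit than one blanket justification in commit aaeebf94.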
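Review bot: the snakeyaml removal in the `@@ -317,12 +312,6 @@ samba` hunk of data/dla-needed.txt has no stated reason. Commit 10c7f963 says only "Remove snakeyaml from dla-needed.txt", the deleted notes point to an ongoing upstream discussion of CVE-2022-1471, and none of the data/CVE/list hunks in this push touch snakeyaml. Suggest stating the outcome of the triage in the commit message, or pairing the removal with the matching entry in data/CVE/list.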
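Review bot: the deleted tiff entry in the `@@ -336,11 +325,6 @@ sssd` hunk carries notes dated 20230222, the same date as commit f31bc65e that removes it, and the message "all CVE have been fixed" names neither the CVEs nor the upload that fixed them. Suggest referencing the fixed version or advisory in the commit message so the removal can be checked against data/CVE/list.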