Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3c2e56eb by Anton Gladky at 2022-01-13T21:45:09+01:00 LTS: remove condor from dla-needed - - - - - 5c9a0629 by Anton Gladky at 2022-01-13T21:45:12+01:00 Mark CVE-2021-45101 ignored for stretch - - - - - f47843c7 by Anton Gladky at 2022-01-13T21:45:15+01:00 Mark CVE-2022-22707 as not-affected for stretch - - - - - 47b68720 by Anton Gladky at 2022-01-13T21:45:15+01:00 LTS: take lighttpd - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1653,6 +1653,7 @@ CVE-2022-22708 CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...) {DSA-5040-1} - lighttpd <unfixed> + [stretch] - lighttpd <not-affected> (Vulnerable code not present; the issue was introduced in later versions) NOTE: https://redmine.lighttpd.net/issues/3134 NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664 CVE-2022-22706 @@ -6236,6 +6237,7 @@ CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/ CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...) - condor <unfixed> (bug #1002540) + [stretch] - condor <ignored> (Patch is too destructive to backport it; Patch does not apply cleanly. Too many calls in patch, not existed in this version of the software) NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/ NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14) CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...) ===================================== data/dla-needed.txt ===================================== 
@@ -25,12 +25,6 @@ apng2gif NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk) -- -condor (Anton) - NOTE: 20211216: full details embargoed - NOTE: 20211227: the fix is out and now available; cf: - NOTE: 20211227: https://github.com/htcondor/htcondor/commit/8b311dee. (utkarsh) - NOTE: 20220109: Prepare for upload (Anton) --- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) @@ -77,8 +71,9 @@ libraw (Abhijith PA) NOTE: 20211227: 7 CVEs that were fixed for jessie in DLA-1734-1 are unfixed NOTE: 20211227: in stretch, plenty other unfixed CVEs (bunk) -- -lighttpd +lighttpd (Anton) NOTE: 20220111: a DSA is planned (Beuc) + NOTE: 20220113: version in stretch is not affected by CVE-2022-22707 (Anton) -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/78283c8aefc27afb91e3dd38fa82af699ae4b6bc...47b68720d7b032aeeec361d93a9526f251bef190
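Review bot: the reason on the added `[stretch] - lighttpd <not-affected>` line in the CVE-2022-22707 hunk of data/CVE/list says the issue "was introduced in later versions" without naming the version. The CVE description in the same hunk gives the affected range as 1.4.46 through 1.4.63, so writing "introduced in 1.4.46" in the parenthetical would let a later reader check the stretch version against it without opening the upstream issue.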
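Review bot: the free-text reason on the added `[stretch] - condor <ignored>` line in the CVE-2021-45101 hunk of data/CVE/list is hard to parse ("Too many calls in patch, not existed in this version of the software") and states the backporting problem twice. The description in the hunk lists HTCondor before 8.8.15 as affected, so this line records that stretch stays exposed and the justification should be unambiguous; a single clause such as "Patch too intrusive to backport; it relies on functions not present in the stretch version" would carry the same information.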
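Review bot: the first data/dla-needed.txt hunk drops the condor entry whose last note was "20220109: Prepare for upload (Anton)", and nothing in that file or in the commit message "LTS: remove condor from dla-needed" says why the upload was abandoned. In the commit list, 3c2e56eb (the removal) also precedes 5c9a0629 (marking CVE-2021-45101 ignored for stretch), so at the intermediate commit condor is neither queued for a DLA nor triaged. Swapping or squashing the two commits and naming the ignored CVE in the message would keep the history self-explanatory.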
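Review bot: in the second data/dla-needed.txt hunk the entry is claimed (`+lighttpd (Anton)`) while the added note says the stretch version is not affected by CVE-2022-22707, and the entry does not say what work remains. If other lighttpd issues are still open for stretch, name them in the note; if CVE-2022-22707 was the only reason for the entry, it should be removed from dla-needed rather than taken.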
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits