Anton Gladky pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3c2e56eb by Anton Gladky at 2022-01-13T21:45:09+01:00
LTS: remove condor from dla-needed
- - - - -
5c9a0629 by Anton Gladky at 2022-01-13T21:45:12+01:00
Mark CVE-2021-45101 ignored for stretch
- - - - -
f47843c7 by Anton Gladky at 2022-01-13T21:45:15+01:00
Mark CVE-2022-22707 as not-affected for stretch
- - - - -
47b68720 by Anton Gladky at 2022-01-13T21:45:15+01:00
LTS: take lighttpd
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1653,6 +1653,7 @@ CVE-2022-22708
CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the
mod_extforward_Forwarded functi ...)
{DSA-5040-1}
- lighttpd <unfixed>
+ [stretch] - lighttpd <not-affected> (Vulnerable code not present; the
issue was introduced in later versions)
NOTE: https://redmine.lighttpd.net/issues/3134
NOTE:
https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
CVE-2022-22706
@@ -6236,6 +6237,7 @@ CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x
before 9.0.4 and 9.1.x
NOTE:
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x
before 9.0.4, ...)
- condor <unfixed> (bug #1002540)
+ [stretch] - condor <ignored> (Patch is too destructive to backport it;
Patch does not apply cleanly. Too many calls in patch, not existed in this
version of the software)
NOTE:
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
NOTE:
https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b
(V8_8_14)
CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home
Assistan ...)
=====================================
data/dla-needed.txt
=====================================
@@ -25,12 +25,6 @@ apng2gif
NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie
NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk)
--
-condor (Anton)
- NOTE: 20211216: full details embargoed
- NOTE: 20211227: the fix is out and now available; cf:
- NOTE: 20211227: https://github.com/htcondor/htcondor/commit/8b311dee.
(utkarsh)
- NOTE: 20220109: Prepare for upload (Anton)
---
debian-archive-keyring
NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
@@ -77,8 +71,9 @@ libraw (Abhijith PA)
NOTE: 20211227: 7 CVEs that were fixed for jessie in DLA-1734-1 are unfixed
NOTE: 20211227: in stretch, plenty other unfixed CVEs (bunk)
--
-lighttpd
+lighttpd (Anton)
NOTE: 20220111: a DSA is planned (Beuc)
+ NOTE: 20220113: version in stretch is not affected by CVE-2022-22707 (Anton)
--
linux (Ben Hutchings)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/78283c8aefc27afb91e3dd38fa82af699ae4b6bc...47b68720d7b032aeeec361d93a9526f251bef190
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/78283c8aefc27afb91e3dd38fa82af699ae4b6bc...47b68720d7b032aeeec361d93a9526f251bef190
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
