Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: d58a1355 by Markus Koschany at 2024-04-26T07:35:06+02:00 Reserve DLA-3795-1 for knot-resolver - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -294164,7 +294164,6 @@ CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by callin NOT-FOR-US: Jinjava CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) - knot-resolver 5.1.1-0.1 (bug #961076) - [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118 @@ -325401,7 +325400,6 @@ CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kerne NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...) - knot-resolver 5.0.1-1 (bug #946181) - [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4 CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...) NOT-FOR-US: Wikibase Wikidata Query Service GUI @@ -356412,13 +356410,11 @@ CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis hype NOTE: https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f (5.0.4) CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot resolver before ...) - knot-resolver 5.0.1-1 (bug #932048) - [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839 NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1 CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of knot resol ...) - knot-resolver 5.0.1-1 (bug #932048) - [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827 NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[26 Apr 2024] DLA-3795-1 knot-resolver - security update + {CVE-2019-10190 CVE-2019-10191 CVE-2019-19331 CVE-2020-12667} + [buster] - knot-resolver 3.2.1-3+deb10u2 [25 Apr 2024] DLA-3794-1 putty - security update {CVE-2020-14002 CVE-2021-36367 CVE-2023-48795 CVE-2019-17069} [buster] - putty 0.74-1+deb11u1~deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -124,11 +124,6 @@ jenkins-htmlunit-core-js NOTE: 20231231: … TransformerFactory without setting the ~secure flag, so it may NOTE: 20231231: … indeed be vulnerable. (lamby) -- -knot-resolver - NOTE: 20231029: Added by Front-Desk (gladk) - NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk) - NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs has been fixed in bullseye. (ola) --- less (Abhijith PA) NOTE: 20240418: Added by Front-Desk (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58a13559c87c505e23427b90a9de979336e05e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58a13559c87c505e23427b90a9de979336e05e2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits