dla: add systemd

2 files changed, 7 insertions, 0 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 2b2ca42c0f..49ffeb2522 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -178463,8 +178463,10 @@ CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before v
 	NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
 	NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
 	NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
+	NOTE: Introduced by https://github.com/systemd/systemd/commit/70244d1d25eb80b57e160ea004d0e6bf793d4caf (v220)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
+	NOTE: https://www.openwall.com/lists/oss-security/2020/02/05/1
 CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
 	{DLA-2373-1 DLA-2144-1}
 	- qemu 1:4.2-2 (bug #949731)
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 5d26206b50..5a049e1147 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -259,6 +259,11 @@ subversion (Roberto C. Sánchez)
   NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)
   NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico)
 --
+systemd
+  NOTE: 20220524: CVE-2020-1712 marked for update but didn't make it to 9.13
+  NOTE: 20220524: nor DLA-2715-1; the issue looks somewhat invasive to fix but at the
+  NOTE: 20220524: same time is severe and was fixed in other old distros (Beuc/front-desk)
+--
 tiff (Utkarsh)
   NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff.
   NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh)