diff options
author | Thorsten Alteholz <debian@alteholz.de> | 2022-04-30 19:15:55 +0200 |
---|---|---|
committer | Thorsten Alteholz <debian@alteholz.de> | 2022-04-30 19:15:55 +0200 |
commit | 5812b1d7debbdecbe714b955e937d5eb98a12934 (patch) | |
tree | 944630a99454ca2ce03945086f724c944b69f81b /data | |
parent | a48e11c6add6800e6aef3ee27c5c4bc978ef95be (diff) |
Reserve DLA-2987-1 for libarchive
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 1 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 3 |
3 files changed, 3 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list index 3a6dceb19e..b707ce0697 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -173983,7 +173983,6 @@ CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration int CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string ...) - libarchive 3.4.2-1 (bug #945287) [buster] - libarchive <no-dsa> (Minor issue) - [stretch] - libarchive <no-dsa> (Minor issue) [jessie] - libarchive <no-dsa> (Minor issue) NOTE: https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41 NOTE: https://github.com/libarchive/libarchive/issues/1276 diff --git a/data/DLA/list b/data/DLA/list index f8859468e1..7710aaabd9 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[30 Apr 2022] DLA-2987-1 libarchive - security update + {CVE-2019-19221 CVE-2021-23177 CVE-2021-31566} + [stretch] - libarchive 3.2.2-2+deb9u3 [28 Apr 2022] DLA-2986-1 golang-1.8 - security update {CVE-2022-23772 CVE-2022-23806 CVE-2022-24921} [stretch] - golang-1.8 1.8.1-1+deb9u5 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index fc7e2acf54..c7b5832358 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -77,9 +77,6 @@ kvmtool NOTE: 20220402: stretch-specific, orphaned package (Beuc) NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for acknowledgments/fixes (Beuc) -- -libarchive (Thorsten Alteholz) - NOTE: 20220423: still testing, some tests still fail --- liblouis (Andreas Rönnquist) NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too. |