author | Emilio Pozuelo Monfort <pochu@debian.org> | 2021-11-23 14:02:56 +0100 |
---|---|---|
committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2021-11-23 14:02:56 +0100 |
commit | 75cccb1191ea67d32029c30e08d5d02e459697f7 | |
tree | ce587d763234387bea749e6b86edfcf4c003cd74 | |
parent | ab6df6dcd035a3c8c195857942ca0cf510fe503a | |
Reserve DLA-2826-1 for mbedtls
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2021.list | 1 |
-rw-r--r-- | data/DLA/list | 3 |
-rw-r--r-- | data/dla-needed.txt | 3 |
4 files changed, 3 insertions, 6 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 314962663d..cb5df40cc7 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -30202,7 +30202,6 @@ CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 fo CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...) {DLA-1518-1} - mbedtls 2.8.0-1 - [stretch] - mbedtls <no-dsa> (Minor issue) - polarssl <removed> [wheezy] - polarssl <no-dsa> (Minor issue) NOTE: https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e @@ -30211,7 +30210,6 @@ CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...) {DLA-1518-1} - mbedtls 2.8.0-1 - [stretch] - mbedtls <no-dsa> (Minor issue) - polarssl <removed> [wheezy] - polarssl <no-dsa> (Minor issue) NOTE: https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 937216339f..6dd54c7922 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -47708,7 +47708,6 @@ CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerabilit - mbedtls <unfixed> [bullseye] - mbedtls <no-dsa> (Minor issue) [buster] - mbedtls <no-dsa> (Minor issue) - [stretch] - mbedtls <no-dsa> (Minor issue) NOTE: Fixed in 2.26.0: https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0 CVE-2021-24118 RESERVED diff --git a/data/DLA/list b/data/DLA/list index 250a360b7d..05839ff5a2 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[23 Nov 2021] DLA-2826-1 mbedtls - security update + {CVE-2018-9988 CVE-2018-9989 CVE-2020-36475 CVE-2020-36476 CVE-2020-36478 CVE-2021-24119} + [stretch] - mbedtls 2.4.2-1+deb9u4 [22 Nov 2021] DLA-2825-1 libmodbus - security update {CVE-2019-14462 CVE-2019-14463} [stretch] - libmodbus 3.0.6-2+deb9u1 
diff --git a/data/dla-needed.txt b/data/dla-needed.txt index f13a9343c8..29ff162439 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -69,9 +69,6 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -mbedtls (Emilio) - NOTE: 20211122: CVEs backported, but one of them introduces a test regression, investigating (Emilio) --- nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 |
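Review bot: In data/CVE/2018.list, both hunks drop `[stretch] - mbedtls <no-dsa> (Minor issue)` from CVE-2018-9989 and CVE-2018-9988 but leave the `{DLA-1518-1}` line untouched, so nothing in these two entries points at DLA-2826-1 after this commit. If that cross-reference is not filled in automatically from data/DLA/list, add DLA-2826-1 inside the braces in the same commit so the stretch status of mbedtls is never left without an annotation.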
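Review bot: In the data/CVE/2021.list hunk, removing the stretch `<no-dsa>` line from CVE-2021-24119 leaves `- mbedtls <unfixed>` as the only line in the entry that can apply to stretch, while the fixed version 2.4.2-1+deb9u4 is recorded only in data/DLA/list. Please confirm that the entry resolves to the DLA version for stretch after this change rather than falling back to `<unfixed>`.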
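Review bot: The new DLA-2826-1 entry in data/DLA/list names six CVEs, but only CVE-2018-9988, CVE-2018-9989 and CVE-2021-24119 have their entries touched in this commit. There is no change to a 2020 CVE list for CVE-2020-36475, CVE-2020-36476 and CVE-2020-36478 (the diffstat shows four files). If those three entries carry a stretch `<no-dsa>` or similar triage line like the others did, it should be removed here too, or the commit message should say they needed no edit.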
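Review bot: The data/dla-needed.txt hunk deletes the mbedtls entry together with its note "CVEs backported, but one of them introduces a test regression, investigating", and neither the commit message nor the new DLA-2826-1 entry says how that regression was resolved. Since the note was dated 20211122 and the DLA is reserved on 23 Nov 2021, a line in the commit message stating the outcome (which backport was adjusted or why the failing test is acceptable) would keep that history once the note is gone.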