diff options
author | Sean Whitton <spwhitton@spwhitton.name> | 2023-10-28 15:06:31 +0100 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2023-10-28 15:06:31 +0100 |
commit | 23dd068e50af44a19d3ffc6ae5471bdbe3754904 (patch) | |
tree | 3df5197140ef08d74c95d20b27583c6cb1455348 | |
parent | 40b8de3b1ce6d2f7d728fba1e8aa941840349d68 (diff) |
Reserve DLA-3634-1 for nss
-rw-r--r-- | data/CVE/list | 1 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 5 |
3 files changed, 3 insertions, 6 deletions
diff --git a/data/CVE/list b/data/CVE/list index 204ca04049..011a92ff71 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -222425,7 +222425,6 @@ CVE-2020-25649 (A flaw was found in FasterXML Jackson Databind, where it did not NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1) CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...) - nss 2:3.58-1 - [buster] - nss <no-dsa> (Minor issue) [stretch] - nss <no-dsa> (Minor issue) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private) diff --git a/data/DLA/list b/data/DLA/list index a87eba39ed..b5593ce6de 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[28 Oct 2023] DLA-3634-1 nss - security update + {CVE-2020-25648 CVE-2023-4421} + [buster] - nss 2:3.42.1-1+deb10u7 [28 Oct 2023] DLA-3633-1 gst-plugins-bad1.0 - security update {CVE-2023-40474 CVE-2023-40475 CVE-2023-40476} [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u4 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 22c15c7e68..7ffc91846f 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -129,11 +129,6 @@ nova NOTE: 20230302: zigo currently has no time and requests the LTS team to do it (IRC #debian-lts 2023-03-02). (Beuc/front-desk) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. (lamby) -- -nss (Sean Whitton) - NOTE: 20231015: Added by Front-Desk (ta) - NOTE: 20231027: Patches backported. New tests for CVE-2020-25648 do not pass. - NOTE: 20231027: Asked upstream dev-tech-crypto ML (spwhitton). --- nvidia-cuda-toolkit NOTE: 20230514: Added by Front-Desk (utkarsh) NOTE: 20230514: package listed in packages-to-support; a bunch of CVEs have |