diff options
author | Utkarsh Gupta <utkarsh@debian.org> | 2021-12-28 15:49:19 +0530 |
---|---|---|
committer | Utkarsh Gupta <utkarsh@debian.org> | 2021-12-28 15:49:19 +0530 |
commit | 39a73d266b49c903e8b776165999726ece6c8d0c (patch) | |
tree | 317674c503ebb55c24c0c2713d9667aa89983f11 | |
parent | ff9b0f5b9b40a88175f8211c5db29db1bd6519c0 (diff) |
Reserve DLA-2860-1 for paramiko
-rw-r--r-- | data/CVE/list | 2 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 4 |
3 files changed, 3 insertions, 6 deletions
diff --git a/data/CVE/list b/data/CVE/list index de92c8822e..e7a634e15b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -211642,7 +211642,6 @@ CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to vers CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...) {DLA-1556-1} - paramiko 2.4.2-0.1 (bug #910760) - [stretch] - paramiko <no-dsa> (Minor issue) NOTE: https://github.com/paramiko/paramiko/issues/1283 NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ( ...) @@ -238930,7 +238929,6 @@ CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...) {DLA-1556-1} - paramiko 2.4.2-0.1 (bug #892859) - [stretch] - paramiko <no-dsa> (Minor issue) [wheezy] - paramiko <no-dsa> (Minor issue) NOTE: https://github.com/paramiko/paramiko/issues/1175 NOTE: https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516 diff --git a/data/DLA/list b/data/DLA/list index 303d47bf0a..6065278e25 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[28 Dec 2021] DLA-2860-1 paramiko - security update + {CVE-2018-7750 CVE-2018-1000805} + [stretch] - paramiko 2.0.0-1+deb9u1 [28 Dec 2021] DLA-2859-1 zziplib - security update {CVE-2020-18442} [stretch] - zziplib 0.13.62-3.2~deb9u2 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 4791bfdda7..927048c1b3 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -80,10 +80,6 @@ nvidia-graphics-drivers NOTE: nvidia-graphics-drivers-legacy-390xx but will ask for more testing on the lts NOTE: mailing list tomorrow (apo) -- -paramiko (Utkarsh) - NOTE: 20211227: CVE-2018-7750 and CVE-2018-1000805 were fixed in DLA-1556-1 - NOTE: 20211227: in jessie but are unfixed in stretch (bunk) --- pgbouncer (Christoph Berg) NOTE: 20211220: maintainer might want to upload fixed version -- |