diff options
author | Sylvain Beucler <beuc@beuc.net> | 2022-01-17 18:56:52 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2022-01-17 18:57:12 +0100 |
commit | 4ac8fd8a29d083404da0eb8f448492c433535eb6 (patch) | |
tree | 9747d594b555770699baf037d8cbd4f717d89fbf | |
parent | 57541cbdd9d687cec67b97ce3d44f880bc850ced (diff) |
Reserve DLA-2886-1 for slurm-llnl
-rw-r--r-- | data/CVE/list | 3 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 8 |
3 files changed, 3 insertions, 11 deletions
diff --git a/data/CVE/list b/data/CVE/list index 9db7a1304c..7455c8084b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -85074,7 +85074,6 @@ CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer O {DSA-4841-1} - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package) - slurm-llnl <removed> (bug #974721) - [stretch] - slurm-llnl <no-dsa> (Minor issue) NOTE: https://www.schedmd.com/news.php?id=240 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html NOTE: https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81 @@ -120686,7 +120685,6 @@ CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the {DSA-4841-1} - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package) - slurm-llnl <removed> (bug #961406) - [stretch] - slurm-llnl <no-dsa> (Minor issue) [jessie] - slurm-llnl <not-affected> (Message Aggregation added in 14.11) NOTE: https://www.schedmd.com/news.php?id=236 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html @@ -175597,7 +175595,6 @@ CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...) {DSA-4572-1 DLA-2143-1} - slurm-llnl 19.05.3.2-1 (bug #931880) - [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport) NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...) diff --git a/data/DLA/list b/data/DLA/list index ad2d47bec5..54bffb64cd 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[17 Jan 2022] DLA-2886-1 slurm-llnl - security update + {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215} + [stretch] - slurm-llnl 16.05.9-1+deb9u5 [17 Jan 2022] DLA-2885-1 qtsvg-opensource-src - security update {CVE-2021-3481 CVE-2021-45930} [stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1+deb9u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index b87e9e362c..a739b4d529 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -119,14 +119,6 @@ samba (Utkarsh Gupta) NOTE: 20211212: Fix is too large, coordination with ELTS-upload NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh) -- -slurm-llnl (Sylvain Beucler) - NOTE: 20211229: CVE-2019-12838 is marked "Too intrusive to backport" but was - NOTE: 20211229: backported to jessie in DLA-2143-1. - NOTE: 20211229: If CVE-2019-12838 gets fixed, then the 4 other "no DSA" CVEs - NOTE: 20211229: should also be checked. (bunk) - NOTE: 20220107: backporting patches (Beuc) - NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage --- vim (Emilio) -- zabbix |