diff options
author | Bastien Roucariès <rouca@debian.org> | 2024-03-27 08:34:47 +0000 |
---|---|---|
committer | Bastien Roucariès <rouca@debian.org> | 2024-03-27 08:34:47 +0000 |
commit | 58493d0ae7ad5b00c5f5403c8a3a9aef445775cd (patch) | |
tree | 5e97fcca98887ee4df7cac497bb615b5812b59a1 | |
parent | 48dffac1131c4e1089b0bdd8245e56c530701aab (diff) |
Reserve DLA-3777-1 for composer
-rw-r--r-- | data/CVE/list | 1 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 7 |
3 files changed, 3 insertions, 8 deletions
diff --git a/data/CVE/list b/data/CVE/list index 2d882d793d..806210f196 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -36112,7 +36112,6 @@ CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a com - composer 2.6.4-1 [bookworm] - composer <no-dsa> (Minor issue) [bullseye] - composer <no-dsa> (Minor issue) - [buster] - composer <no-dsa> (Minor issue, only a problem when configured improperly) NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27) NOTE: https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c (2.2.22) diff --git a/data/DLA/list b/data/DLA/list index 9e3cb01584..afe24c0e59 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[27 Mar 2024] DLA-3777-1 composer - security update + {CVE-2023-43655} + [buster] - composer 1.8.4-1+deb10u3 [26 Mar 2024] DLA-3776-1 nodejs - security update {CVE-2023-30590 CVE-2023-46809 CVE-2024-22025} [buster] - nodejs 10.24.0~dfsg-1~deb10u4 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 031c0726ca..2b2707595c 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -40,13 +40,6 @@ bind9 (Sean Whitton) NOTE: 20240218: Added by Front-Desk (lamby) NOTE: 20240218: CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 already fixed in bullseye. (lamby) -- -composer (rouca) - NOTE: 20240209: Added by Front-Desk (utkarsh) - NOTE: 20240304: Need to backport bullseye (rouca) - NOTE: 20240312: likely not affected by CVE-2024-24821 (rouca) - NOTE: 20240315: DSA 5632-1 is out (Beuc/front-desk) - NOTE: 20240316: Ask clarification about some fixes on DSA 5632-1 without CVE --- dnsmasq NOTE: 20240303: Added by Front-Desk (apo) -- |