Reserve DLA-3777-1 for composer

3 files changed, 3 insertions, 8 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 2d882d793d..806210f196 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36112,7 +36112,6 @@ CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a com
 	- composer 2.6.4-1
 	[bookworm] - composer <no-dsa> (Minor issue)
 	[bullseye] - composer <no-dsa> (Minor issue)
-	[buster] - composer <no-dsa> (Minor issue, only a problem when configured improperly)
 	NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
 	NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27)
 	NOTE: https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c (2.2.22)
diff --git a/data/DLA/list b/data/DLA/list
index 9e3cb01584..afe24c0e59 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[27 Mar 2024] DLA-3777-1 composer - security update
+	{CVE-2023-43655}
+	[buster] - composer 1.8.4-1+deb10u3
 [26 Mar 2024] DLA-3776-1 nodejs - security update
 	{CVE-2023-30590 CVE-2023-46809 CVE-2024-22025}
 	[buster] - nodejs 10.24.0~dfsg-1~deb10u4
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 031c0726ca..2b2707595c 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -40,13 +40,6 @@ bind9 (Sean Whitton)
   NOTE: 20240218: Added by Front-Desk (lamby)
   NOTE: 20240218: CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 already fixed in bullseye. (lamby)
 --
-composer (rouca)
-  NOTE: 20240209: Added by Front-Desk (utkarsh)
-  NOTE: 20240304: Need to backport bullseye (rouca)
-  NOTE: 20240312: likely not affected by CVE-2024-24821 (rouca)
-  NOTE: 20240315: DSA 5632-1 is out (Beuc/front-desk)
-  NOTE: 20240316: Ask clarification about some fixes on DSA 5632-1 without CVE
---
 dnsmasq
   NOTE: 20240303: Added by Front-Desk (apo)
 --