author Sylvain Beucler <beuc@beuc.net> 2022-01-17 18:56:52 +0100
committer Sylvain Beucler <beuc@beuc.net> 2022-01-17 18:57:12 +0100
commit 63d46282f2db4f87053c82c30005a17fb460c78b
tree ecd863cf62ba49bb2b16e0ae45390223a8761762
parent 7ac900e692b371f4daf8ee77653fd9d3d75ef1cd
Reserve DLA-2886-1 for slurm-llnl
-rw-r--r-- data/CVE/list.2019 1
-rw-r--r-- data/CVE/list.2020 2
-rw-r--r-- data/DLA/list 3
-rw-r--r-- data/dla-needed.txt 8
4 files changed, 3 insertions, 11 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index cd909b43fc..7008e1fd5e 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -21440,7 +21440,6 @@ CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation erro
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
{DSA-4572-1 DLA-2143-1}
- slurm-llnl 19.05.3.2-1 (bug #931880)
- [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
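Review bot: The `{DSA-4572-1 DLA-2143-1}` cross-reference line under CVE-2019-12838 is left unchanged, so once the `[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)` line is dropped, nothing in this entry points at DLA-2886-1 or at a stretch fixed version. If the cross-reference is regenerated from data/DLA/list by a later automatic step, that is fine; otherwise add DLA-2886-1 here in the same commit so the entry is not left without any stretch status.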
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 3c98f7d2e2..ca4bde2ffb 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -8317,7 +8317,6 @@ CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer O
{DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974721)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
NOTE: https://www.schedmd.com/news.php?id=240
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
NOTE: https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81
@@ -42806,7 +42805,6 @@ CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the
{DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #961406)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
[jessie] - slurm-llnl <not-affected> (Message Aggregation added in 14.11)
NOTE: https://www.schedmd.com/news.php?id=236
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
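Review bot: The commit subject only mentions reserving the DLA, but this hunk and the previous one also delete the `<no-dsa> (Minor issue)` triage for CVE-2020-12693 and CVE-2020-27745 in stretch. A line in the commit body stating that the no-dsa entries are dropped because the issues are fixed in 16.05.9-1+deb9u5 would make the triage reversal easy to find in the log.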
diff --git a/data/DLA/list b/data/DLA/list
index ad2d47bec5..54bffb64cd 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[17 Jan 2022] DLA-2886-1 slurm-llnl - security update
+ {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215}
+ [stretch] - slurm-llnl 16.05.9-1+deb9u5
[17 Jan 2022] DLA-2885-1 qtsvg-opensource-src - security update
{CVE-2021-3481 CVE-2021-45930}
[stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1+deb9u1
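Review bot: CVE-2021-31215 appears in the `{...}` line of the new DLA-2886-1 entry, but data/CVE/list.2021 is not among the four files changed. Please check whether the CVE-2021-31215 entry carries a `[stretch]` triage line that now contradicts this DLA, especially since the dla-needed note removed in this commit was still waiting on its triage.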
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index b87e9e362c..a739b4d529 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -119,14 +119,6 @@ samba (Utkarsh Gupta)
NOTE: 20211212: Fix is too large, coordination with ELTS-upload
NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
--
-slurm-llnl (Sylvain Beucler)
- NOTE: 20211229: CVE-2019-12838 is marked "Too intrusive to backport" but was
- NOTE: 20211229: backported to jessie in DLA-2143-1.
- NOTE: 20211229: If CVE-2019-12838 gets fixed, then the 4 other "no DSA" CVEs
- NOTE: 20211229: should also be checked. (bunk)
- NOTE: 20220107: backporting patches (Beuc)
- NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage
---
vim (Emilio)
--
zabbix
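Review bot: The removed 20211229 note says four other "no DSA" CVEs should be checked once CVE-2019-12838 is fixed, while DLA-2886-1 lists three CVEs besides CVE-2019-12838. Since these notes disappear with the entry, record the outcome for the remaining CVE somewhere durable, for example as a NOTE on its CVE entry, so the decision is not lost.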
