author | Sylvain Beucler <beuc@beuc.net> | 2022-02-08 13:14:07 +0100
---|---|---
committer | Sylvain Beucler <beuc@beuc.net> | 2022-02-08 13:14:07 +0100
commit | 702deaf75bc6c3118cbf4aba93cbef245684cb08 |
tree | 420714bc38a2626087048ed5bc3530668e777e55 |
parent | bf0f91f4eb4d0c7f3ea5ac02ebb925096443d3d7 |

Ignore CVE-2022-21682 and CVE-2021-43860 for flatpak in stretch
following secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0
+ no LTS contributor claimed it since it was added
-rw-r--r-- | data/CVE/list.2021 | 1
-rw-r--r-- | data/CVE/list.2022 | 1
-rw-r--r-- | data/dla-needed.txt | 3
3 files changed, 2 insertions, 3 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 5be611b4fd..eae30f66d2 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -7457,6 +7457,7 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame {DSA-5049-1} - flatpak 1.12.3-1 [buster] - flatpak <ignored> (Intrusive and risky to backport) + [stretch] - flatpak <ignored> (Intrusive and risky to backport) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 4326680c2c..7cab99a824 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -7909,6 +7909,7 @@ CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution frame {DSA-5049-1} - flatpak 1.12.3-1 [buster] - flatpak <ignored> (Intrusive and risky to backport) + [stretch] - flatpak <ignored> (Intrusive and risky to backport) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa diff --git a/data/dla-needed.txt b/data/dla-needed.txt index a0ca456705..74f06e6a0f 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -42,9 +42,6 @@ firmware-nonfree (Markus Koschany) NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. -- -flatpak - NOTE: 20220113: upcoming DSA; non-trivial backport (Beuc) --- gif2apng (Anton) NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc) NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc) |
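Review bot: in the data/CVE/list.2021 and data/CVE/list.2022 hunks, the new `[stretch] - flatpak <ignored> (Intrusive and risky to backport)` line copies the `[buster]` reason verbatim, so the stretch-specific basis given in the commit message (the secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0 and the fact that no LTS contributor claimed the package) is not recorded in the tracker data itself. Someone reading the CVE-2021-43860 or CVE-2022-21682 entry later sees two identical justifications and has to dig through git history to learn that the stretch decision was made separately. Consider adding a short NOTE line under each entry, or extending the parenthetical on the `[stretch]` line, so the rationale stays with the entry.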
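Review bot: in the data/dla-needed.txt hunk, the removed flatpak entry carries only `NOTE: 20220113: upcoming DSA; non-trivial backport (Beuc)` and names no CVE ids, so nothing in the visible lines ties the queue entry to exactly the two CVEs marked `<ignored>` by this commit. Before dropping the package from the queue, it is worth confirming that no other unfixed flatpak issue remains open for stretch, since an issue left without a `[stretch]` tag would no longer have a dla-needed entry pointing at it. The separator handling is fine: the `--` before the entry is kept as context and the one after it is removed, leaving a single separator between firmware-nonfree and gif2apng.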