From 63d46282f2db4f87053c82c30005a17fb460c78b Mon Sep 17 00:00:00 2001 From: Sylvain Beucler Date: Mon, 17 Jan 2022 18:56:52 +0100 Subject: Reserve DLA-2886-1 for slurm-llnl --- data/CVE/list.2019 | 1 - data/CVE/list.2020 | 2 -- data/DLA/list | 3 +++ data/dla-needed.txt | 8 -------- 4 files changed, 3 insertions(+), 11 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index cd909b43fc..7008e1fd5e 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -21440,7 +21440,6 @@ CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation erro CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...) {DSA-4572-1 DLA-2143-1} - slurm-llnl 19.05.3.2-1 (bug #931880) - [stretch] - slurm-llnl (Too intrusive to backport) NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 3c98f7d2e2..ca4bde2ffb 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -8317,7 +8317,6 @@ CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer O {DSA-4841-1} - slurm-wlm (Fixed with first upload to Debian with renamed source package) - slurm-llnl (bug #974721) - [stretch] - slurm-llnl (Minor issue) NOTE: https://www.schedmd.com/news.php?id=240 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html NOTE: https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81 
@@ -42806,7 +42805,6 @@ CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the {DSA-4841-1} - slurm-wlm (Fixed with first upload to Debian with renamed source package) - slurm-llnl (bug #961406) - [stretch] - slurm-llnl (Minor issue) [jessie] - slurm-llnl (Message Aggregation added in 14.11) NOTE: https://www.schedmd.com/news.php?id=236 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html diff --git a/data/DLA/list b/data/DLA/list index ad2d47bec5..54bffb64cd 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[17 Jan 2022] DLA-2886-1 slurm-llnl - security update + {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215} + [stretch] - slurm-llnl 16.05.9-1+deb9u5 [17 Jan 2022] DLA-2885-1 qtsvg-opensource-src - security update {CVE-2021-3481 CVE-2021-45930} [stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1+deb9u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index b87e9e362c..a739b4d529 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -119,14 +119,6 @@ samba (Utkarsh Gupta) NOTE: 20211212: Fix is too large, coordination with ELTS-upload NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh) -- -slurm-llnl (Sylvain Beucler) - NOTE: 20211229: CVE-2019-12838 is marked "Too intrusive to backport" but was - NOTE: 20211229: backported to jessie in DLA-2143-1. - NOTE: 20211229: If CVE-2019-12838 gets fixed, then the 4 other "no DSA" CVEs - NOTE: 20211229: should also be checked. (bunk) - NOTE: 20220107: backporting patches (Beuc) - NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage --- vim (Emilio) -- zabbix -- cgit v1.2.3
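Review bot: In the data/DLA/list hunk, the new entry lists CVE-2021-31215, but the diffstat covers only data/CVE/list.2019 and data/CVE/list.2020, so no per-release triage line for that CVE changes in this commit. The dla-needed.txt note removed in the same commit says triage of CVE-2021-31215 was still awaiting clarification ("wait for Thorsten's precisions wrt. CVE-2021-31215 triage"). Please confirm that the CVE list file for that year carries no leftover "[stretch] - slurm-llnl" line that would contradict the fix recorded as 16.05.9-1+deb9u5. If one exists, drop it in this commit the same way the "Minor issue" and "Too intrusive to backport" lines are dropped.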
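Review bot: The data/dla-needed.txt hunk removes the only written rationale for this update, and the commit message has a subject line but no body. The removed notes say that "the 4 other 'no DSA' CVEs should also be checked" once CVE-2019-12838 is fixed, while the DLA entry lists CVE-2019-12838 plus three others, so the outcome for any CVE from that set not covered by DLA-2886-1 is not visible anywhere in the patch. Consider adding a short commit body, or a NOTE on the affected CVE entries, stating what was decided for those CVEs and why the stretch status of CVE-2019-12838 moved away from "Too intrusive to backport".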