From e84dbe9c33f4fd47b6f4e2337a06dae4e0b4546e Mon Sep 17 00:00:00 2001 From: Sylvain Beucler Date: Sat, 27 Nov 2021 11:14:24 +0100 Subject: Reserve DLA-2827-1 for bluez --- data/CVE/list.2021 | 1 - data/DLA/list | 3 +++ data/dla-needed.txt | 2 -- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index b0a4d18ac7..060c4f0a13 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -6999,7 +6999,6 @@ CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versi - bluez (bug #1000262) [bullseye] - bluez (Minor issue) [buster] - bluez (Minor issue) - [stretch] - bluez (Minor issue) NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d939483328489fb835bb425d36f7c7c73d52c388 (4.0) NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e79417ed7185b150a056d4eb3a1ab528b91d2fc0 diff --git a/data/DLA/list b/data/DLA/list index 05839ff5a2..cac101c43d 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[27 Nov 2021] DLA-2827-1 bluez - security update + {CVE-2019-8921 CVE-2019-8922 CVE-2021-41229} + [stretch] - bluez 5.43-2+deb9u5 [23 Nov 2021] DLA-2826-1 mbedtls - security update {CVE-2018-9988 CVE-2018-9989 CVE-2020-36475 CVE-2020-36476 CVE-2020-36478 CVE-2021-24119} [stretch] - mbedtls 2.4.2-1+deb9u4 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index d641a8602d..e0e8b684e2 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -18,8 +18,6 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -bluez (Sylvain Beucler) --- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) -- cgit v1.2.3