[Git][security-tracker-team/security-tracker][master] Drop tempoary entry for cyrus-sasl2

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
815dbc82 by Salvatore Bonaccorso at 2022-02-23T22:49:14+01:00
Drop tempoary entry for cyrus-sasl2

This is more a functional incomplete fix. The fix was ammended in
unstable with 2.1.27+dfsg2-1 and so might be done as well in further
uploads of cyrus-sasl2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -154205,13 +154205,6 @@ CVE-2019-19892
        RESERVED
 CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless 
devices 8.0 ...)
        NOT-FOR-US: Mitel SIP-DECT wireless devices
-CVE-2022-XXXX [Incomplete fix for CVE-2019-19906]
-       - cyrus-sasl2 2.1.27+dfsg2-1
-       NOTE: DSA-4591-1 applied only the first part of the fix which was 
incomplete.
-       NOTE: https://github.com/cyrusimap/cyrus-sasl/pull/655
-       NOTE: 
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
-       NOTE: Fixed by: 
https://github.com/cyrusimap/cyrus-sasl/commit/f96ba043fb9ffd30f7089564164203136506e7ab
 (master)
-       NOTE: Fixed by: 
https://github.com/cyrusimap/cyrus-sasl/commit/5ac1beeb574cd9d0a518d72330b19d2460688089
 (cyrus-sasl-2.1.28)
 CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write 
leading  ...)
        {DSA-4591-1 DLA-2044-1}
        - cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
@@ -154222,6 +154215,10 @@ CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 
has an out-of-bounds write le
        NOTE: Fixed by: 
https://github.com/cyrusimap/cyrus-sasl/commit/5ac1beeb574cd9d0a518d72330b19d2460688089
 (cyrus-sasl-2.1.28)
        NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
        NOTE: 
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
+       NOTE: DSA-4591-1 applied only the first part of the fix which was 
incomplete (but can be
+       NOTE: considered a functional incomplete fix, thus not warranting a 
CVE):
+       NOTE: https://github.com/cyrusimap/cyrus-sasl/pull/655
+       NOTE: The functional incomplete fix was already addressed in unstable 
with 2.1.27+dfsg2-1
 CVE-2019-16787
        REJECTED
 CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow 
vulnerability ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/815dbc82a107316805b06f782547cae740c23a26

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/815dbc82a107316805b06f782547cae740c23a26
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits