[Git][security-tracker-team/security-tracker][master] Reserve DLA-2992-1 for openvpn

Tue, 03 May 2022 05:12:48 -0700 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e4a4390 by Emilio Pozuelo Monfort at 2022-05-03T14:12:20+02:00
Reserve DLA-2992-1 for openvpn

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -136175,7 +136175,6 @@ CVE-2020-15079 (In PrestaShop from version 1.5.0.0 
and before version 1.7.6.6, t
 CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers 
to bypass ...)
        - openvpn 2.5.1-2 (bug #987380)
        [buster] - openvpn 2.4.7-1+deb10u1
-       [stretch] - openvpn <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573
 (v2.5.2)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a
 (v2.5.2)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b
 (v2.5.2)
@@ -145782,7 +145781,6 @@ CVE-2020-11811 (In qdPM 9.1, an attacker can upload a 
malicious .php file to the
 CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An 
attacker can ...)
        - openvpn 2.4.9-1 (low)
        [buster] - openvpn 2.4.7-1+deb10u1
-       [stretch] - openvpn <no-dsa> (Minor issue)
        [jessie] - openvpn <not-affected> (Vulnerable code introduced in 2.4)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
 CVE-2020-11809
@@ -304038,7 +304036,6 @@ CVE-2017-12167 (It was found in EAP 7 before 7.0.9 
that properties based files o
        NOT-FOR-US: Red Hat JBoss EAP
 CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are 
vulnerable to ...)
        - openvpn 2.4.4-1 (bug #877089)
-       [stretch] - openvpn <no-dsa> (Minor issue)
        [jessie] - openvpn <no-dsa> (Minor issue)
        [wheezy] - openvpn <no-dsa> (Minor issue)
        NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 May 2022] DLA-2992-1 openvpn - security update
+       {CVE-2017-12166 CVE-2020-11810 CVE-2020-15078 CVE-2022-0547}
+       [stretch] - openvpn 2.4.0-6+deb9u4
 [03 May 2022] DLA-2991-1 twisted - security update
        {CVE-2022-24801}
        [stretch] - twisted 16.6.0-2+deb9u3


=====================================
data/dla-needed.txt
=====================================
@@ -124,9 +124,6 @@ nvidia-graphics-drivers
 --
 openjdk-8 (pochu)
 --
-openvpn (Emilio)
-  NOTE: 20220402: harmonize with buster/10.10 (Beuc)
---
 pdns
   NOTE: 20220402: harmonize with buster/10.8 (Beuc)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e4a4390e01ae2b6cc9bdf48aeabcd6a561ef184

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e4a4390e01ae2b6cc9bdf48aeabcd6a561ef184
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to