libidn2 as no-dsa

Salvatore Bonaccorso Thu, 30 Jan 2020 12:21:42 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c5b0ccf0 by Salvatore Bonaccorso at 2020-01-30T21:20:13+01:00
Mark CVE-2019-12290/libidn2 as no-dsa

Furthermore the change is quite intrusive and too risky to solely ship
via a security update. Rather the CVE fix should be postponed and
proposed via a point release.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41219,6 +41219,7 @@ CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 
has Incorrect Access Contro
        NOT-FOR-US: HashiCorp Consul
 CVE-2019-12290 (GNU libidn2 before 2.2.0 fails to perform the roundtrip checks 
specifi ...)
        - libidn2 2.2.0-1
+       [buster] - libidn2 <no-dsa> (Minor issue; intrusive to backport)
        NOTE: 
https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5
 (2.2.0)
        NOTE: https://gitlab.com/libidn/libidn2/merge_requests/71
 CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 
100T (C782 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5b0ccf0d64c99201e3a8f31c8a5ad9c55c19ae6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5b0ccf0d64c99201e3a8f31c8a5ad9c55c19ae6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-12290/libidn2 as no-dsa

Reply via email to