Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02cd42a5 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
mark CVE-2019-20446 as no-dsa for jessie
- - - - -
81262bd0 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
add phppgadmin
- - - - -
1e7046c7 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
mark CVE-2020-8518 as no-dsa in Jessie
- - - - -
dc3ea338 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
add systemd
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1178,6 +1178,7 @@ CVE-2020-8519
RESERVED
CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of
arbitrary P ...)
- php-horde-data <unfixed> (bug #951537)
+ [jessie] - php-horde-data <no-dsa> (Minor issue)
NOTE: https://lists.horde.org/archives/announce/2020/001285.html
CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect
input v ...)
- squid 4.10-1 (unimportant)
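Review bot: The reason on the added `[jessie] - php-horde-data <no-dsa> (Minor issue)` line gives no rationale, while the same entry describes an injection issue and is still `<unfixed>` (bug #951537) in the main line. Consider adding a NOTE under the entry that records why the issue is treated as minor for jessie, so a later triager does not have to redo the assessment.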
@@ -1194,6 +1195,7 @@ CVE-2020-8516 (** DISPUTED ** The daemon in Tor through
0.4.1.8 and 0.4.2.x thro
NOTE:
http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file
with nest ...)
- librsvg 2.46.4-1
+ [jessie] - librsvg <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
NOTE:
https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135
CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and
Vigor300B 1.3. ...)
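Review bot: The added `[jessie] - librsvg <no-dsa> (Minor issue)` line does not say whether the jessie version contains the affected code at all; the description locates the flaw in xml.rs and the fix is tied to a specific upstream commit. If the jessie package predates that code, a not-affected marking with a short reason would be more accurate than no-dsa; if it is affected, a NOTE stating what was checked would help.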
=====================================
data/dla-needed.txt
=====================================
@@ -56,6 +56,9 @@ openjdk-7 (Emilio)
--
php5 (Thorsten Alteholz)
--
+phppgadmin
+ NOTE: 20200218: no fix yet; wide usage
+--
python-pysaml2 (Abhijith PA)
NOTE: 2020203: test fails already for the one in archive (abhijith)
--
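Review bot: The new phppgadmin entry names no CVE or bug number; the NOTE "no fix yet; wide usage" does not identify which issue the package was added for, and the commit message "add phppgadmin" does not either. Suggest adding the CVE id or tracker bug to the NOTE so whoever claims the package knows what to work on.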
@@ -100,6 +103,9 @@ squid3 (Markus Koschany)
NOTE: 20200120: or the absolute function is the issue but it is hard to tell
without more
NOTE: 20200120: details on the intention. (Ola)
--
+systemd
+ NOTE: 20200218: systemd in Jessie is probably not affected by CVE-2020-1712
but recheck
+--
tomcat8 (Abhijith PA)
NOTE: 20200106: Almost done. Working on failing testcase.
NOTE: 20200210: TestFormAuthenticator failing with CVE-2019-17563.
backporting upstream tests (abhijith)
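Review bot: The systemd NOTE says jessie is "probably not affected by CVE-2020-1712 but recheck" without stating what the first check covered or what remains uncertain. Suggest recording which code or feature was examined and what still needs confirming, so the recheck does not start from scratch and the entry can be dropped quickly if the package turns out to be not affected.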
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/39d03a5493904ce4bdd81ab817e10d7aa4663975...dc3ea338f994cda8cf263206cf52c5172775dd89