[Git][security-tracker-team/security-tracker][master] 3 commits: no DLA for libarchive, all CVEs are no-dsa

Sat, 29 Feb 2020 07:47:49 -0800 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7aad6f5b by Thorsten Alteholz at 2020-02-29T16:34:01+01:00
no DLA for libarchive, all CVEs are no-dsa

- - - - -
3cd50e16 by Thorsten Alteholz at 2020-02-29T16:47:00+01:00
upload postponed until today

- - - - -
61952181 by Thorsten Alteholz at 2020-02-29T16:47:25+01:00
Reserve DLA-2129-1 for firebird2.5

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -150734,7 +150734,6 @@ CVE-2017-11509 (An authenticated remote attacker can 
execute arbitrary code in F
        - firebird3.0 3.0.3.32900.ds4-3
        [stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in 
a future update)
        - firebird2.5 <removed>
-       [jessie] - firebird2.5 <no-dsa> (Minor issue, can be fixed along in a 
future update)
        NOTE: https://www.tenable.com/security/research/tra-2017-36
        NOTE: Firebird upstream responded to Tenable the issue is not intended 
to be addressed
        NOTE: in "any current release".


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Feb 2020] DLA-2129-1 firebird2.5 - security update
+       {CVE-2017-11509}
+       [jessie] - firebird2.5 2.5.3.26778.ds4-5+deb8u2
 [29 Feb 2020] DLA-2128-1 openjdk-7 - security update
        {CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 
CVE-2020-2654 CVE-2020-2659}
        [jessie] - openjdk-7 7u251-2.6.21-1~deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -20,8 +20,6 @@ ansible (Mike Gabriel)
 --
 libapache2-mod-auth-openidc (Thorsten Alteholz)
 --
-libarchive (Thorsten Alteholz)
---
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at 
them.
   NOTE: triage work needed, help security team for fixes if needed.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f887dc7ed5f40bd29e6637cb191af51b2665810d...61952181ab42f0feefb90ee6529b4d9721a7b898

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f887dc7ed5f40bd29e6637cb191af51b2665810d...61952181ab42f0feefb90ee6529b4d9721a7b898
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to