Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cec8b2a by Sylvain Beucler at 2020-03-03T15:43:30+01:00
dla: tidy statuses a bit

- - - - -
5f8143e5 by Sylvain Beucler at 2020-03-03T15:44:54+01:00
CVE-2014-10399,CVE-2014-10400/lua-cgi: not-affected

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2990,9 +2990,11 @@ CVE-2020-8669
 CVE-2020-8668
        RESERVED
 CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential 
session IDs, w ...)
-       - lua-cgi <unfixed>
+       - lua-cgi <not-affected> (session generation changed in 5.1.x, cf. 
CVE-2014-10399)
+       NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
 CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for 
each sess ...)
-       - lua-cgi <unfixed>
+       - lua-cgi <not-affected> (session generation changed in 5.2.x, cf. 
CVE-2014-2875)
+       NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
 CVE-2020-8667
        RESERVED
 CVE-2020-8666
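Review bot: on both changed lua-cgi lines, the <not-affected> parenthetical names the upstream series in which session generation changed but not the CGILua version the package ships, so the conclusion cannot be checked from the entry alone. A NOTE stating the packaged version under each CVE would make the triage verifiable. The CVE-2014-10399 line also defers to CVE-2014-2875, whose status is outside this hunk; it is worth confirming that entry carries the actual lua-cgi triage so the three entries stay consistent.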


=====================================
data/dla-needed.txt
=====================================
@@ -39,8 +39,8 @@ linux (Ben Hutchings)
 linux-4.9 (Ben Hutchings)
 --
 lua-cgi
-  NOTE: The package do not seem to be used much, but the popcon data in this 
case
-  NOTE: may not be entirelly reliable. One possibility is to declare it 
unsupported. (Ola)
+  NOTE: 20200227: The package do not seem to be used much, but the popcon data 
in this case
+  NOTE: 20200227: may not be entirelly reliable. One possibility is to declare 
it unsupported. (Ola)
 --
 lxc (Roberto C. Sánchez)
   NOTE: 20200221: CVE-2017-18641 is probably to extensive to fix in Jessie
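Review bot: the lua-cgi entry stays in dla-needed.txt with only the popcon remark, while the data/CVE/list change in this same push marks CVE-2014-10399 and CVE-2014-10400 as not-affected. If CVE-2014-2875 is the remaining reason to keep the package listed, a dated NOTE saying so would stop the next reader from re-triaging the two closed CVEs. As a style point, the date 20200227 is repeated on the continuation line, whereas the wpa entry further down aligns its continuation with spaces; pick one convention, and since both lines are being touched, "do not seem" and "entirelly" could be corrected at the same time.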
@@ -75,7 +75,7 @@ slirp (Utkarsh Gupta)
 --
 slurm-llnl
   NOTE: 20191125: up for testing 
https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
-  NOTE: Regression found. (abhijith)
+  NOTE: 20191218: Regression found. (abhijith)
 --
 squid3 (Markus Koschany)
   NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
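Review bot: the re-dated slurm-llnl line "NOTE: 20191218: Regression found. (abhijith)" still does not say what regressed or where it is tracked, and the entry header carries no claimant. A bug number or list link next to the date would let someone else pick up the test upload mentioned in the line above without having to ask.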
@@ -103,7 +103,7 @@ weechat (Thorsten Alteholz)
 --
 wpa
   NOTE: 20200218: fix for CVE-2019-5061 removes IAPP functionality from 
hostapd, which is
-  NOTE:           normally fine, but should be carefully considered for Jessie
+  NOTE:           normally fine, but should be carefully considered for Jessie 
(alteholz)
 --
 xcftools
   NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for 
review.
@@ -112,7 +112,8 @@ xcftools
   NOTE: 20200127: ongoing
 --
 xen (Roberto C. Sánchez)
-  NOTE: 20200222: requested update from Credativ; likely xen will be 
end-of-life. (roberto)
+  NOTE: 20200302: xen 4.4 EOL'd, needs public announcement (roberto)
+  NOTE: 20200302: https://lists.debian.org/debian-lts/2020/03/msg00024.html
 --
 xerces-c
   NOTE: 20191231: There is no upstream patch yet. (apo)
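Review bot: in the xen entry, the second added NOTE is a bare debian-lts URL with no hint of what it points to, and the removed 20200222 line about the request to Credativ takes that history with it. Suggest labelling the link (for example as the EOL discussion) and keeping a short mention of the Credativ request, so that the "needs public announcement" action item can be followed without opening the thread.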



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a7a4b3e7f0bd76f803f1109f69bc98efbe630e8b...5f8143e5b1080c185bac1b96b7bf9102612cede4
