[Git][security-tracker-team/security-tracker][master] 2 commits: slurm-llnl: add links to upstream fixes

Wed, 04 Mar 2020 01:53:24 -0800 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67c1d465 by Emilio Pozuelo Monfort at 2020-03-04T10:46:48+01:00
slurm-llnl: add links to upstream fixes

- - - - -
58800fe4 by Emilio Pozuelo Monfort at 2020-03-04T10:52:01+01:00
slurm-llnl no-dsa on jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16596,6 +16596,8 @@ CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x 
before 19.05.5 executes sr
        - slurm-llnl 19.05.5-1
        [buster] - slurm-llnl <no-dsa> (Minor issue)
        [stretch] - slurm-llnl <no-dsa> (Minor issue)
+       [jessie] - slurm-llnl <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
        NOTE: Fixed upstream in 18.08.9, 19.05.5
 CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak 
slurmdbd ...)
@@ -43954,6 +43956,8 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 
18.08.7, and 19.05.0 allo
        {DSA-4572-1}
        - slurm-llnl 19.05.3.2-1 (bug #931880)
        [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
+       [jessie] - slurm-llnl <no-dsa> (Too intrusive to backport)
+       NOTE: 
https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
 CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows 
remote attack ...)
        NOT-FOR-US: Java API in Generalitat de Catalunya 
accesuniversitat.gencat.cat


=====================================
data/dla-needed.txt
=====================================
@@ -74,10 +74,6 @@ ruby-rack
 slirp (Utkarsh Gupta)
   NOTE: 20200223: WIP.
 --
-slurm-llnl
-  NOTE: 20191125: up for testing 
https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
-  NOTE: 20191218: Regression found. (abhijith)
---
 squid3 (Markus Koschany)
   NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
   NOTE: 20200116: Researched other distros to see if any had backported the 
fixes.  No luck.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bf45ebe0c5d8b15ce72331623afdea1283d51ee...58800fe455b43b8028b745ccd415886d706c230e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bf45ebe0c5d8b15ce72331623afdea1283d51ee...58800fe455b43b8028b745ccd415886d706c230e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to