Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2c048c8c by Markus Koschany at 2020-03-09T11:26:37+01:00 Update status of squid3 in dla-needed.txt. - - - - - 03239c99 by Markus Koschany at 2020-03-09T11:27:27+01:00 Claim wpa in dla-needed.txt. - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -70,19 +70,7 @@ slirp (Utkarsh Gupta) NOTE: 20200223: WIP. -- squid3 (Markus Koschany) - NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf. - NOTE: 20200116: Researched other distros to see if any had backported the fixes. No luck. - NOTE: 20200116: Tried for some time to reproduce the vulnerabilities, but did not succeed. - NOTE: 20200116: The change is rather involved when considering the new SBuf API, so not - NOTE: 20200116: being able to reproduce makes it impossible isolate the minimal change that - NOTE: 20200116: addresses the vulnerabilities. (roberto) - NOTE: 20200120: CVE-2019-12523 It looks like the only new checks is the introduction of NID - NOTE: 20200120: checks in parseUrn. This function replaces parseFinish. It should be easy - NOTE: 20200120: to add those checks without introducing SBuf. (Ola) - NOTE: 20200120: CVE-2019-18676 however is more complicated to locate. Potentially the // skipping - NOTE: 20200120: or the absolute function is the issue but it is hard to tell without more - NOTE: 20200120: details on the intention. (Ola) - NOTE: 20200224: Ongoing work. (apo) + NOTE: 20200309: Requires more tests. (apo) -- tomcat8 (Abhijith PA) NOTE: 20200106: Almost done. Working on failing testcase. @@ -92,7 +80,7 @@ tomcat8 (Abhijith PA) weechat (Thorsten Alteholz) NOTE: 20200309: work is ongoing -- -wpa +wpa (Markus Koschany) NOTE: 20200218: fix for CVE-2019-5061 removes IAPP functionality from hostapd, which is NOTE: normally fine, but should be carefully considered for Jessie (alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/76bfb7f0c135c4b1d053aab799713767298ae7df...03239c99e4781067975f5bbdd4b3535316180682 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/76bfb7f0c135c4b1d053aab799713767298ae7df...03239c99e4781067975f5bbdd4b3535316180682 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
