Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2220faec by Thorsten Alteholz at 2020-06-28T13:38:17+02:00 correct typo - - - - - c8ed3f3b by Thorsten Alteholz at 2020-06-28T13:46:27+02:00 add net-snmp - - - - - 3dd5a53e by Thorsten Alteholz at 2020-06-28T14:05:02+02:00 CVE-2017-10790 is fixed - - - - - d6bbbdfd by Thorsten Alteholz at 2020-06-28T14:05:57+02:00 Reserve DLA-2255-1 for libtasn1-6 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -24313,7 +24313,7 @@ CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnera [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx <unfixed> [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported) - [jessie] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin CVE-2020-5966 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver @@ -170149,7 +170149,6 @@ CVE-2017-10791 (There is an Integer overflow in the hash_int function of the lib CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 cause ...) {DSA-4106-1 DLA-1038-1} - libtasn1-6 4.12-2.1 (bug #867398) - [jessie] - libtasn1-6 <no-dsa> (Minor issue) - libtasn1-3 <removed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141 NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[28 Jun 2020] DLA-2255-1 libtasn1-6 - security update + {CVE-2017-10790} + [jessie] - libtasn1-6 4.2-3+deb8u4 [25 Jun 2020] DLA-2254-1 alpine - security update {CVE-2020-14929} [jessie] - alpine 2.11+dfsg1-3+deb8u1 ===================================== data/dla-needed.txt ===================================== @@ -90,6 +90,9 @@ mumble -- mutt (Mike Gabriel) -- +net-snmp + NOTE: 20200628: be aware of the ABI break introduced by the patches! (thorsten) +-- nginx NOTE: 20200505: Patch for CVE-2020-11724 appears to be fairly invasive and, alas, no tests. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3d0564a5cf902c3b07abdb9acd5eff65af1d803e...d6bbbdfd223f36356b7e5c16dcba38287dd69a0e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3d0564a5cf902c3b07abdb9acd5eff65af1d803e...d6bbbdfd223f36356b7e5c16dcba38287dd69a0e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits