[Git][security-tracker-team/security-tracker][master] CVE-2020-14928/e-d-s will actually get a DSA/DLA

Tue, 14 Jul 2020 02:34:36 -0700 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41edc128 by Emilio Pozuelo Monfort at 2020-07-14T11:33:22+02:00
CVE-2020-14928/e-d-s will actually get a DSA/DLA

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1762,8 +1762,6 @@ CVE-2020-14929 (Alpine before 2.23 silently proceeds to 
use an insecure connecti
 CVE-2020-14928
        RESERVED
        - evolution-data-server 3.36.4-1
-       [buster] - evolution-data-server <no-dsa> (Will be fixed via spu)
-       [stretch] - evolution-data-server <no-dsa> (Will be fixed via spu)
        NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
        NOTE: 
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
 CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of 
the "We ...)


=====================================
data/dla-needed.txt
=====================================
@@ -46,6 +46,8 @@ condor (Roberto C. Sánchez)
 --
 curl (Thorsten Alteholz)
 --
+evolution-data-server (Emilio)
+--
 ffmpeg (Adrian Bunk)
   NOTE: 20200707: Vulnerable to at least CVE-2020-13904. (lamby)
   NOTE: 20200707: According to jmm, ffmpeg in stretch follows the 3.2.x 
releases


=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 curl (ghedo)
 --
+evolution-data-server (jmm)
+--
 libopenmpt
 --
 knot-resolver



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41edc128feaf49f2c595dc8c2fbf1eccdb1665f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41edc128feaf49f2c595dc8c2fbf1eccdb1665f9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to