[Git][security-tracker-team/security-tracker][master] Reserve DLA-2280-1 for python3.5

[Sylvain Beucler]

Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c23fafb by Sylvain Beucler at 2020-07-15T11:18:53+02:00
Reserve DLA-2280-1 for python3.5

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3216,7 +3216,6 @@ CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 
improperly computes has
        - python3.7 <removed>
        [buster] - python3.7 <no-dsa> (Minor issue)
        - python3.5 <removed>
-       [stretch] - python3.5 <no-dsa> (Minor issue)
        - python3.4 <removed>
        [jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
        NOTE: https://bugs.python.org/issue41004
@@ -19380,7 +19379,6 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 
3.5.9, 3.6 through 3.6.10,
        - python3.7 <removed>
        [buster] - python3.7 <no-dsa> (Minor issue)
        - python3.5 <removed>
-       [stretch] - python3.5 <no-dsa> (Minor issue)
        - python3.4 <removed>
        [jessie] - python3.4 <postponed> (Minor issue)
        - python2.7 <unfixed>
@@ -83319,7 +83317,6 @@ CVE-2019-5010 (An exploitable denial-of-service 
vulnerability exists in the X509
        - python3.7 3.7.2-2 (bug #921064)
        - python3.6 <removed> (bug #921063)
        - python3.5 <removed>
-       [stretch] - python3.5 <postponed> (Minor issue, can be fixed along in a 
future DSA)
        - python3.4 <removed>
        - python2.7 2.7.15-6 (bug #921040)
        [stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a 
future DSA)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Jul 2020] DLA-2280-1 python3.5 - security update
+       {CVE-2018-20406 CVE-2018-20852 CVE-2019-5010 CVE-2019-9636 
CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 CVE-2019-10160 CVE-2019-16056 
CVE-2019-16935 CVE-2019-18348 CVE-2020-8492 CVE-2020-14422}
+       [stretch] - python3.5 3.5.3-1+deb9u2
 [12 Jul 2020] DLA-2279-1 tomcat8 - security update
        {CVE-2020-9484 CVE-2020-11996}
        [stretch] - tomcat8 8.5.54-0+deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -129,10 +129,6 @@ poppler (Emilio)
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
-python3.5 (Sylvain Beucler)
-  NOTE: 20200709: update is ready, only (lotsa) non-critical CVEs so uploading 
after point release unless it's delayed too much (Beuc)
-  NOTE: 20200709: https://www.beuc.net/tmp/debian-lts/python3.5/
---
 qemu
   NOTE: might be fixed by -pu. Visit later (utkarsh)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c23fafbc81985c56911cd37bbf2b0722fae861e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c23fafbc81985c56911cd37bbf2b0722fae861e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits