Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcaf52a8 by Moritz Muehlenhoff at 2020-08-31T19:55:46+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -342,6 +342,7 @@ CVE-2020-24862
        RESERVED
 CVE-2020-25016 (A safety violation was discovered in the rgb crate before 
0.8.20 for R ...)
        - rust-rgb <unfixed> (bug #969213)
+       [buster] - rust-rgb <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html
        NOTE: https://github.com/kornelski/rust-rgb/issues/35
 CVE-2020-24861
@@ -15163,6 +15164,7 @@ CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows 
remote command execution vi
        NOT-FOR-US: vBulletin
 CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the 
databas ...)
        - python-django-celery-results <unfixed> (bug #968305)
+       [buster] - python-django-celery-results <no-dsa> (Minor issue)
        NOTE: https://github.com/celery/django-celery-results/issues/142
 CVE-2020-17494
        RESERVED
@@ -19981,6 +19983,7 @@ CVE-2020-15357
        RESERVED
 CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener 
optimizat ...)
        - sqlite3 3.32.3-1
+       [buster] - sqlite3 <no-dsa> (Minor issue)
        [stretch] - sqlite3 <not-affected> (Vulnerable code introduced in 
3.25.0)
        [jessie] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
        NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
@@ -27597,6 +27600,7 @@ CVE-2020-12404 (For native-to-JS bridging the app 
requires a unique token to be
 CVE-2020-12403
        RESERVED
        - nss 2:3.55-1
+       [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
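Review bot: In the CVE-2020-12403 entry the new `[buster] - nss <no-dsa> (Minor issue)` line sits under an ID that is still marked RESERVED, so the entry carries no description against which the "Minor issue" rationale can be checked. Consider adding a short NOTE summarising the impact from the referenced Bugzilla entry, or a more specific no-dsa reason, so the triage decision can be reviewed from the list itself.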
@@ -39714,6 +39718,7 @@ CVE-2020-8160
        RESERVED
 CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; 
v1.2.1 th ...)
        - ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
+       [buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
        NOTE: 
https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
 CVE-2020-8158
        RESERVED
@@ -86149,6 +86154,7 @@ CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers 
from a vulnerability all
        NOT-FOR-US: GAT-Ship Web Module
 CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) 
is vuln ...)
        - ruby-omniauth <unfixed>
+       [buster] - ruby-omniauth <no-dsa> (Minor issue)
        [stretch] - ruby-omniauth <no-dsa> (Minor issue)
        [jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs 
CSRF protection in apps)
        NOTE: https://github.com/omniauth/omniauth/pull/809
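Review bot: For CVE-2015-9284 the new `[buster]` line uses the generic "(Minor issue)" reason, while the `[jessie]` line two lines below records a concrete rationale ("Fix is in additional gem and needs CSRF protection in apps") and the unstable line is still `<unfixed>`. If the same reasoning applies to buster, reuse that wording on the `[buster]` line so readers see why no DSA is planned rather than only that the issue was judged minor.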


=====================================
data/dsa-needed.txt
=====================================
@@ -22,6 +22,8 @@ knot-resolver
 linux (carnil)
   Wait until more issues have piled up
 --
+qemu
+--
 rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --
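Review bot: The added `qemu` entry has neither a claimant in parentheses nor an indented status line, unlike the neighbouring `linux (carnil)` and `rails (jmm)` entries, and the commit message ("buster triage") does not say which issues prompted it. A one-line note under `qemu` naming the CVEs or the reason for the update would let whoever picks it up start without re-deriving the triage.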



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcaf52a8d35f813ca8125f4425ed4a2c7b953bcb

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
