Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits: f1e11b90 by Mike Gabriel at 2020-09-03T14:40:03+02:00 data/dla-needed.txt: take samba from Ola and look into Samba AD related CVEs - - - - - 5f4994db by Mike Gabriel at 2020-09-03T14:42:49+02:00 data/dla-needed.txt: unclaim fossil instead - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -63,7 +63,10 @@ firefox-esr (Emilio) NOTE: 20200720: working on ESR 78 backport. (pochu) NOTE: 20200831: backported llvm 10 and wasi-libc, looking into rustc/cargo (pochu) -- -fossil (Mike Gabriel) +fossil + NOTE: 20200903: looked into CVE-2020-24614: the fix for this CVE partially applies, but does not apply around a + NOTE: 20200903: database query in src/add.c. In fact, the patch fixing this CVE is quite invasive. Maybe decide + NOTE: 20200903: not to fix it? -- freerdp (Mike Gabriel) -- 
@@ -154,12 +157,13 @@ ruby-rack-cors (Utkarsh Gupta) NOTE: 20200817: Was fixed in DLA-2096-1 for jessie LTS but is now re-vulnerable again in stretch LTS AFAICT. (lamby) NOTE: 20200831: got a reproducer very recently. (utkarsh) -- -samba (Ola Lundqvist) +samba (Mike Gabriel) NOTE: 20200703: Check with security team so that there's no clash for Stretch update. (utkarsh) NOTE: 20200801: Stretch update already released, so no conflict. (roberto) NOTE: 20200801: Patches for CVE-2020-14303, CVE-2020-10760, CVE-2020-10745, and CVE-2020-10740, are ready. (roberto) NOTE: 20200801: Best to wait for additional CVEs before uploading; check with Roberto for patches. (roberto) NOTE: 20200830: Will remove this entry and mark all current CVEs as postponed. But first I need to know were the patches are (ola). + NOTE: 20200903: As discussed internally, I will look into Samba AD CVEs and revisit the risk assessment, plus fix the more severe issues (sunweaver) -- shiro -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f332654ee928678ed666de2316998a0bcce57f3b...5f4994db4e0aab92666095e2b0393be5f5bbcdde
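Review bot: in the fossil hunk (@@ -63,7 +63,10 @@), the three added NOTE lines carry no author tag, unlike the other notes visible in this diff, which end with one ("(pochu)", "(utkarsh)", "(sunweaver)"). Since the same change drops the "(Mike Gabriel)" claim, nothing in the entry records who did the CVE-2020-24614 analysis; suggest appending the tag to the last NOTE line. The note also ends on an open question ("Maybe decide not to fix it?") without naming which upstream patch was tried or which part applied cleanly, so whoever claims fossil next has to repeat the attempt around src/add.c. A reference to the patch and a statement of who is expected to make the decision would close that gap.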
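Review bot: in the samba hunk (@@ -154,12 +157,13 @@), the added 20200903 note sits directly under the 20200830 note that says the entry will be removed and all current CVEs marked as postponed, and it does not say that plan is withdrawn, so the entry now records two conflicting intentions. Suggest stating explicitly that the postponement is superseded by the new risk assessment. The note also leaves "Samba AD CVEs" and "the more severe issues" unnamed; listing the CVE ids in scope, and whether the four patches the 20200801 note calls ready will be reused, would make the claim reviewable by others on the team.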
