[Git][security-tracker-team/security-tracker][master] Reserve DLA-2388-1 for nss

Adrian Bunk Tue, 29 Sep 2020 07:29:16 -0700


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8648affb by Adrian Bunk at 2020-09-29T17:28:20+03:00
Reserve DLA-2388-1 for nss

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -86845,7 +86845,6 @@ CVE-2019-11729 (Empty or malformed p256-ECDH public 
keys may trigger a segmentat
        [stretch] - thunderbird 1:60.8.0-1~deb9u1
        - nss 2:3.45-1
        [buster] - nss 2:3.42.1-1+deb10u1
-       [stretch] - nss <no-dsa> (Minor issue)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729
@@ -86898,7 +86897,6 @@ CVE-2019-11719 (When importing a curve25519 private key 
in PKCS#8format with lea
        [stretch] - thunderbird 1:60.8.0-1~deb9u1
        - nss 2:3.45-1
        [buster] - nss 2:3.42.1-1+deb10u1
-       [stretch] - nss <no-dsa> (Minor issue)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Sep 2020] DLA-2388-1 nss - security update
+       {CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-11729 
CVE-2019-11745 CVE-2019-17006 CVE-2019-17007 CVE-2020-6829 CVE-2020-12399 
CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403}
+       [stretch] - nss 2:3.26.2-1.1+deb9u2
 [28 Sep 2020] DLA-2387-1 firefox-esr - security update
        {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678}
        [stretch] - firefox-esr 78.3.0esr-1~deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -100,10 +100,6 @@ mumble
   NOTE: 20200504: discussion going on with [email protected] and mumble 
maintainer (abhijith)
   NOTE: 20200723: https://lists.debian.org/debian-lts/2020/05/msg00008.html 
(abhijith)
 --
-nss (Adrian Bunk)
-  NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including 
fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
-  NOTE: 20200928: testing fixed package (bunk)
---
 open-build-service (Utkarsh Gupta)
   NOTE: 20200928: in touch with upstream - still figuring out the best way to 
backport. (utkarsh)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8648affbd980e753a09cb82026634d2c33a3a032

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8648affbd980e753a09cb82026634d2c33a3a032
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2388-1 for nss

Reply via email to