[Git][security-tracker-team/security-tracker][master] stretch triage

Wed, 07 Oct 2020 03:11:38 -0700 


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
33833a83 by Abhijith PA at 2020-10-07T15:39:55+05:30
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -495,16 +495,19 @@ CVE-1999-0199 (manual/search.texi in the GNU C Library 
(aka glibc) before 2.2 la
 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 
0.21.0-rc1 has a  ...)
        - opensc <unfixed>
        [buster] - opensc <no-dsa> (Minor issue)
+       [stretch] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
 CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 
0.21.0-rc1 ...)
        - opensc <unfixed>
        [buster] - opensc <no-dsa> (Minor issue)
+       [stretch] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
        TODO: check, unclear fixing commit
 CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 
0.21.0-rc1 ha ...)
        - opensc <unfixed>
        [buster] - opensc <no-dsa> (Minor issue)
+       [stretch] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e
 CVE-2020-26569


=====================================
data/dla-needed.txt
=====================================
@@ -170,6 +170,10 @@ slirp
   NOTE: CVE-2020-7039 to be applied patched first, as they both patch
   NOTE: the same lines of code in tcp_subr.c (bam).
 --
+spice
+--
+spice-gtk
+--
 sympa (Sylvain Beucler)
   NOTE: 20200525: Incomplete patch. Not the complete patch is made public. 
(utkarsh)
   NOTE: 20200525: But that is weird, given their announcement. (utkarsh)
@@ -188,6 +192,8 @@ thunderbird (Emilio)
 tinymce (Abhijith PA)
   NOTE: 20201003: relevant commits are hard to chase down (abhijith)
 --
+wireshark
+--
 xcftools
   NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for 
upstream review (hle)
   NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting 
original patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33833a8339dc954c8771f0d6f457b8338ea6f1b5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33833a8339dc954c8771f0d6f457b8338ea6f1b5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to