[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2020-26164 as no-dsa for Stretch

Sun, 25 Oct 2020 08:41:04 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aed3ffb4 by Thorsten Alteholz at 2020-10-25T16:17:23+01:00
mark CVE-2020-26164 as no-dsa for Stretch

- - - - -
749e9e47 by Thorsten Alteholz at 2020-10-25T16:17:53+01:00
nothing todo for kdeconnect

- - - - -
fb590041 by Thorsten Alteholz at 2020-10-25T16:26:10+01:00
claim dompurify.js

- - - - -
867237f4 by Thorsten Alteholz at 2020-10-25T16:36:11+01:00
mark CVE-2020-27661 as postponed for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -451,6 +451,7 @@ CVE-2020-27662
 CVE-2020-27661 [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c]
        RESERVED
        - qemu <unfixed> (bug #972864)
+       [stretch] - qemu <postponed> (Fix along in future DLA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03
 CVE-2020-27660
@@ -3574,6 +3575,7 @@ CVE-2020-26165
 CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an 
attacker on the ...)
        - kdeconnect <unfixed> (bug #971736)
        [buster] - kdeconnect <no-dsa> (Minor issue)
+       [stretch] - kdeconnect <no-dsa> (Minor issue)
        NOTE: https://kde.org/info/security/advisory-20201002-1.txt
        NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163
        NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/b279c52101d3f7cc30a26086d58de0b5f1c547fa


=====================================
data/dla-needed.txt
=====================================
@@ -60,7 +60,7 @@ condor
   NOTE: 20200712: Requested input on path forward from [email protected] 
(roberto)
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
-dompurify.js
+dompurify.js (Thorsten Alteholz)
   NOTE: 20201013: Package only in stretch - needs investigation to identify 
patch. (lamby)
 --
 f2fs-tools
@@ -94,8 +94,6 @@ junit4 (Abhijith PA)
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --
-kdeconnect
---
 lemonldap-ng
   NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could 
defer. (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/acb559e0f9758219c658e65f2e5ab25725ab519e...867237f49d39ac88f1fee7d8e574357b99d42c82

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/acb559e0f9758219c658e65f2e5ab25725ab519e...867237f49d39ac88f1fee7d8e574357b99d42c82
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to