[Git][security-tracker-team/security-tracker][master] Triage python-cryptography, blueman, and wordpress

Sun, 01 Nov 2020 03:39:03 -0800 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9d04c2d by Utkarsh Gupta at 2020-11-01T17:07:36+05:30
Triage python-cryptography, blueman, and wordpress

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5680,6 +5680,7 @@ CVE-2020-25660
 CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
        RESERVED
        - python-cryptography <unfixed> (bug #973247)
+       [stretch] - python-cryptography <no-dsa> (Minor issue; risk of 
regression & marginal benefit)
        NOTE: 
https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988
        NOTE: 
https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
 (3.2)


=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,8 @@ ark
   NOTE: 20200907: patch 
https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes 
(abhijith)
   NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible 
with the old architecture (abhijith)
 --
+blueman
+--
 brotli (Roberto C. Sánchez)
   NOTE: 20201025: Requested patch review on [email protected] (roberto)
 --
@@ -200,6 +202,8 @@ wireshark (Adrian Bunk)
   NOTE: 20201026: will backport 2.6.8-1.1 first, and then try to update in the
   NOTE: 20201026: next buster point release followed by another backport (bunk)
 --
+wordpress (Utkarsh)
+--
 xcftools
   NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for 
upstream review (hle)
   NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting 
original patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d04c2dd6b55122522b265ac53cd4b24ee57e24

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d04c2dd6b55122522b265ac53cd4b24ee57e24
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to