Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
411ccec1 by Chris Lamb at 2020-11-02T09:36:44+00:00
Triage CVE-2020-27743 in libpam-tacplus for stretch LTS.
- - - - -
1ea25d95 by Chris Lamb at 2020-11-02T09:38:13+00:00
data/dla-needed.txt: Correct ordering
- - - - -
750155ac by Chris Lamb at 2020-11-02T09:38:17+00:00
data/dla-needed.txt: Triage pacemaker for stretch LTS (CVE-2020-25654).
- - - - -
261c1111 by Chris Lamb at 2020-11-02T09:40:16+00:00
Triage CVE-2020-27617 in qemu for stretch LTS.
- - - - -
bf2009ba by Chris Lamb at 2020-11-02T09:41:24+00:00
data/dla-needed.txt: Triage webcit for stretch LTS (CVE-2020-27739,
CVE-2020-27740, CVE-2020-27741 & CVE-2020-27742).
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -833,6 +833,7 @@ CVE-2020-27744 (An issue was discovered on Western Digital
My Cloud NAS devices
NOT-FOR-US: Western Digital My Cloud NAS devices
CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a
failure of RAN ...)
- libpam-tacplus <unfixed> (bug #973250)
+ [stretch] - libpam-tacplus <not-affected> (support for
RAND_pseudo_bytes added later)
NOTE: https://github.com/kravietz/pam_tacplus/pull/163
CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel
WebCit th ...)
- webcit <unfixed> (bug #973385)
@@ -1495,6 +1496,7 @@ CVE-2020-27618
CVE-2020-27617 [net: an assert failure via eth_get_gso_type]
RESERVED
- qemu <unfixed> (bug #973324)
+ [stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
CVE-2020-27616
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -87,6 +87,8 @@ jupyter-notebook (Abhijith PA)
lemonldap-ng
NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could
defer. (lamby)
--
+libdatetime-timezone-perl (Adrian Bunk)
+---
libonig (Markus Koschany)
NOTE: 20201026: Fix for CVE-2020-26159 is too trivial. Besides that, please
consider
NOTE: 20201026: fixing other errors mentioned in
https://github.com/kkos/oniguruma/issues/207
@@ -96,8 +98,6 @@ libonig (Markus Koschany)
libproxy (Emilio)
NOTE: 20201026: patch not sanctioned upstream yet (Emilio)
--
-libdatetime-timezone-perl (Adrian Bunk)
----
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
@@ -116,6 +116,8 @@ open-build-service
opendmarc
NOTE: 20200719: no patches for remaining CVEs available, everything else is
already done in Stretch (thorsten)
--
+pacemaker
+--
php-horde-trean
NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in
https://bugs.horde.org/ticket/14926 (sunweaver)
NOTE: 20200829: We may not expect too much activity regarding this by
upstream. (sunweaver)
@@ -186,6 +188,8 @@ sympa
NOTE: 20201007: I won't have time to do more this month (Beuc)
NOTE: 20201015: See #972189. (lamby)
--
+webcit
+--
wireshark (Adrian Bunk)
NOTE: 20201007: during last triage, I marked some CVEs as no-dsa, it'd be
great to include
NOTE: 20201007: those fixes as well! \o/ (utkarsh)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/26bfbfa7eb756663570ed240d5544067609be2b0...bf2009ba5862877ade6e9267e2dfa8b6cbe073e1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/26bfbfa7eb756663570ed240d5544067609be2b0...bf2009ba5862877ade6e9267e2dfa8b6cbe073e1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
