Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a12e5d69 by Moritz Muehlenhoff at 2020-11-03T20:59:06+01:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -364,6 +364,7 @@ CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host 
header injection with (fo
        NOT-FOR-US: eramba
 CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. 
This was ...)
        - wireshark <unfixed>
+       [buster] - wireshark <postponed> (Minor issue, can be fixed along in 
next DSA)
        NOTE: 
https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
        NOTE: https://www.wireshark.org/security/wnpa-sec-2020-15.html
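Review bot: The reason on the added `[buster] - wireshark <postponed>` line reads "can be fixed along in next DSA", while the qemu entry in this same commit uses "Fix along in future DSA". Pick one wording for postponed reasons so they stay consistent and easy to search.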
@@ -1146,8 +1147,7 @@ CVE-2020-27745
 CVE-2020-27744 (An issue was discovered on Western Digital My Cloud NAS 
devices before ...)
        NOT-FOR-US: Western Digital My Cloud NAS devices
 CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a 
failure of RAN ...)
-       - libpam-tacplus <unfixed> (bug #973250)
-       [stretch] - libpam-tacplus <not-affected> (support for 
RAND_pseudo_bytes added later)
+       - libpam-tacplus <not-affected> (Vulnerable code added later)
        NOTE: https://github.com/kravietz/pam_tacplus/pull/163
        NOTE: 
https://github.com/kravietz/pam_tacplus/security/advisories/GHSA-rp3p-jm35-jv76
 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel 
WebCit th ...)
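Review bot: The replacement line for libpam-tacplus drops the `(bug #973250)` reference together with the `<unfixed>` status, so the entry no longer points at the BTS report. If no release is affected, the bug should be closed, or the reference kept in a NOTE line. The new reason "Vulnerable code added later" is also less specific than the removed stretch reason, which named RAND_pseudo_bytes support; keeping that detail would make the not-affected verdict easier to re-check.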
@@ -1168,6 +1168,7 @@ CVE-2020-27735
        RESERVED
 CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to 
take own ...)
        - openrc <unfixed> (bug #973245)
+       [buster] - openrc <no-dsa> (Minor issue)
        NOTE: https://github.com/OpenRC/openrc/issues/201
        NOTE: http://michael.orlitzky.com/cves/cve-2018-21269.xhtml
 CVE-2020-27734
@@ -1813,6 +1814,7 @@ CVE-2020-27618 [iconv when processing invalid multi-byte 
input sequences fails t
 CVE-2020-27617 [net: an assert failure via eth_get_gso_type]
        RESERVED
        - qemu <unfixed> (bug #973324)
+       [buster] - qemu <postponed> (Fix along in future DSA)
        [stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
 CVE-2020-27616 [ati-vga: potential crash via invalid x y parameter values]
@@ -6119,6 +6121,7 @@ CVE-2020-25634
 CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of 
RESTEasy up to  ...)
        - resteasy <unfixed> (bug #970585)
        - resteasy3.0 <unfixed>
+       [buster] - resteasy3.0 <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
 CVE-2020-25632
        RESERVED
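Review bot: Only `resteasy3.0` gets a buster annotation in this hunk. The `resteasy <unfixed> (bug #970585)` line directly above it has none, so it is worth confirming whether that source package needs its own buster line. The added line also pairs `<ignored>` with the reason "Minor issue", whereas the openrc and junit4 entries in this commit use `<no-dsa>` for the same reason; if `<ignored>` is intended, the reason should say why no fix is planned.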
@@ -27926,6 +27929,7 @@ CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a 
Python IRC bot) before v
 CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule 
TemporaryF ...)
        {DLA-2426-1}
        - junit4 4.13.1-1 (bug #972231)
+       [buster] - junit4 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
        NOTE: 
https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
 CVE-2020-15249
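Review bot: The junit4 entry already carries `{DLA-2426-1}`, yet the added line marks buster as `<no-dsa>`, which leaves buster without the fix that was shipped through a DLA. The reason should state whether an update via a point release is intended, rather than only "Minor issue".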


=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
+mupdf
+--
 netty
 --
 pdns-recursor
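Review bot: The new `mupdf` entry in data/dsa-needed.txt has no indented note line, and none of the data/CVE/list hunks in this commit mention mupdf, so the reason for the DSA is not visible from the change. Add a short note under the entry naming the issue that prompts it, as the `linux (carnil)` entry above does for its own status.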



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a12e5d6953fad1bf60da05d606cfc8969bae885e
