Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cbb05856 by Moritz Muehlenhoff at 2020-12-02T19:37:20+01:00
buster triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -122,6 +122,7 @@ CVE-2020-29395 (The EventON plugin through 3.0.5 for
WordPress allows addons/?q=
NOT-FOR-US: EventON plugin for WordPress
CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in
dlt_common.c in d ...)
- dlt-daemon 2.18.5-0.3 (bug #976228)
+ [buster] - dlt-daemon <no-dsa> (Minor issue)
NOTE: https://github.com/GENIVI/dlt-daemon/issues/274
NOTE: https://github.com/GENIVI/dlt-daemon/pull/275
NOTE:
https://github.com/GENIVI/dlt-daemon/commit/ff4f44c159df6f44b48bd38c9d2f104eb360be11
@@ -686,12 +687,14 @@ CVE-2020-29131
CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read
because it tr ...)
- libslirp <unfixed>
- qemu 1:4.1-2
+ [buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA, when fixed
upstream)
NOTE:
https://lists.freedesktop.org/archives/slirp/2020-November/000115.html
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as
fixed.
CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read
because it tri ...)
- libslirp <unfixed>
- qemu 1:4.1-2
+ [buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA, when fixed
upstream)
NOTE:
https://lists.freedesktop.org/archives/slirp/2020-November/000115.html
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as
fixed.
@@ -1117,6 +1120,7 @@ CVE-2020-28936
CVE-2020-28935
RESERVED
- unbound <unfixed>
+ [buster] - unbound <no-dsa> (Minor issue)
[stretch] - unbound <end-of-life> (DSA 4694-1)
NOTE: https://github.com/NLnetLabs/unbound/issues/303
NOTE: Fixed by:
https://github.com/NLnetLabs/unbound/commit/ad387832979b6ce4c93f64fe706301cd7d034e87
(release-1.13.0rc1)
@@ -1176,6 +1180,7 @@ CVE-2020-28917 (An issue was discovered in the
view_statistics (aka View fronten
CVE-2020-28916 [e1000e: infinite loop scenario in case of null packet
descriptor]
RESERVED
- qemu <unfixed>
+ [buster] - qemu <postponed> (Fix along in future DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon
code in the ...)
@@ -11317,6 +11322,7 @@ CVE-2020-25830 (An issue was discovered in MantisBT
before 2.24.3. Improper esca
- mantis <removed>
CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18,
4.2.x befo ...)
- pdns-recursor 4.3.5-1 (bug #972159)
+ [buster] - pdns-recursor <no-dsa> (Minor issue)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x
through ...)
{DSA-4767-1 DLA-2379-1}
=====================================
data/dsa-needed.txt
=====================================
@@ -25,11 +25,9 @@ linux (carnil)
--
netty
--
-pdns-recursor
---
salt
--
-thunderbird
+thunderbird (jmm)
--
xcftools
Hugo proposed to work on this update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbb058566811673796cb5ddf0164309bede0c82b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbb058566811673796cb5ddf0164309bede0c82b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
