Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7874896e by Sylvain Beucler at 2021-01-22T15:23:46+01:00 dla: drop reel (support-ended, cf. debian-lts@) - - - - - 7ee0c2f0 by Sylvain Beucler at 2021-01-22T15:23:46+01:00 dla: update spotweb status - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -84,10 +84,6 @@ openjpeg2 (Thorsten Alteholz) NOTE: 20201220: more CVEs appeared NOTE: 20210117: testing package -- -reel - NOTE: 20200909: it is now unmaintained. last commit was in Aug 2018. (utkarsh) - NOTE: 20201226: Should be declared unsupported since we just have 5 users in total according to popcon (ola) --- ruby-actionpack-page-caching (Brian May) NOTE: 20200819: Upstream's patch on does not apply due to subsequent NOTE: 20200819: refactoring. However, a quick look at the private @@ -129,8 +125,8 @@ slirp (pu-Thorsten Alteholz) -- spotweb (Sylvain Beucler) NOTE: 20201220: The affected code (PHP!) uses string concatenation to construct a SQL query. - NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. - NOTE: 20201220: Yes, this is a dumpster fire. Claim this package at your own peril. (roberto) + NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. (roberto) + NOTE: 20210122: Upstream fix trivially bypassed, reported at https://github.com/spotweb/spotweb/issues/653 -- wireshark NOTE: 20201007: during last triage, I marked some CVEs as no-dsa, it'd be great to include View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1155705e6d4b705f6dee9c2acc6f1ee029fedde3...7ee0c2f0f8367b95b9a926f9d35b92f66ed53f69 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1155705e6d4b705f6dee9c2acc6f1ee029fedde3...7ee0c2f0f8367b95b9a926f9d35b92f66ed53f69 You're receiving this email because of your account on salsa.debian.org.
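Review bot: In the first hunk (the removal of the reel entry), the two NOTE lines that explained why the package should be unsupported are deleted, and the only remaining pointer is "cf. debian-lts@" in the commit message, with no message link or date. This commit changes only data/dla-needed.txt, so nothing in it records the end of support itself. Consider citing the list archive URL of the decision in the commit message so the rationale (unmaintained upstream since Aug 2018, 5 popcon users) stays traceable after the entry is gone.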
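Review bot: In the second hunk (spotweb), the added "NOTE: 20210122" line carries no author tag, while the neighbouring notes end with one, such as "(roberto)", "(utkarsh)" and "(ola)"; append yours so the bypass report can be attributed. Since the earlier note already identifies the root cause as string concatenation into a SQL query, it would also help the next person triaging to state in this entry whether the package is waiting on upstream's answer to issue 653 or on a separate fix, because the note currently gives the finding but not the resulting status.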
