[Git][security-tracker-team/security-tracker][master] stretch triage

Abhijith PA Sun, 07 Mar 2021 12:12:14 -0800


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a055a404 by Abhijith PA at 2021-03-08T01:41:45+05:30
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6569,6 +6569,7 @@ CVE-2021-25289
        RESERVED
        - pillow 8.1.1-1
        [buster] - pillow <not-affected> (Vulnerable code not present)
+       [stretch] - pillow <not-affected> (Vulnerable code not present)
        NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
 CVE-2021-25288
        RESERVED
@@ -66338,10 +66339,12 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using 
Apache Shiro with Spring d
        NOTE: CVE is closely related to CVE-2020-1957.
 CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side 
request fo ...)
        - xmlgraphics-commons <unfixed>
-       TODO: check fixing commits
+       [stretch] - xmlgraphics-commons <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183.patch
 CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request 
forgery, caused ...)
        - batik <unfixed>
-       TODO: check fixing commits
+       [stretch] - batik <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6.patch
 CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need 
to be ex ...)
        - netbeans 12.1-1
        [stretch] - netbeans <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -74,6 +74,10 @@ opendmarc
 --
 php-pear (Ola Lundqvist)
 --
+pillow (Abhijith PA)
+--
+privoxy (Abhijith PA)
+--
 python3.5
   NOTE: 20210217: Fairly invasive change, changing/augmenting API of standard 
library. (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a055a404512e4d2636a4736f870d7325fb6842ba

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a055a404512e4d2636a4736f870d7325fb6842ba
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] stretch triage

Reply via email to