[Git][security-tracker-team/security-tracker][master] Reserve DLA-2860-1 for paramiko

Tue, 28 Dec 2021 02:19:48 -0800 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39a73d26 by Utkarsh Gupta at 2021-12-28T15:49:19+05:30
Reserve DLA-2860-1 for paramiko

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -211642,7 +211642,6 @@ CVE-2018-1000807 (Python Cryptographic Authority 
pyopenssl version prior to vers
 CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 
1.17.6 con ...)
        {DLA-1556-1}
        - paramiko 2.4.2-0.1 (bug #910760)
-       [stretch] - paramiko <no-dsa> (Minor issue)
        NOTE: https://github.com/paramiko/paramiko/issues/1283
        NOTE: 
https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce
 CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow 
vulnerability in AQL ( ...)
@@ -238930,7 +238929,6 @@ CVE-2018-7751 (The svg_probe function in 
libavformat/img2dec.c in FFmpeg through
 CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko 
before 1.17. ...)
        {DLA-1556-1}
        - paramiko 2.4.2-0.1 (bug #892859)
-       [stretch] - paramiko <no-dsa> (Minor issue)
        [wheezy] - paramiko <no-dsa> (Minor issue)
        NOTE: https://github.com/paramiko/paramiko/issues/1175
        NOTE: 
https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Dec 2021] DLA-2860-1 paramiko - security update
+       {CVE-2018-7750 CVE-2018-1000805}
+       [stretch] - paramiko 2.0.0-1+deb9u1
 [28 Dec 2021] DLA-2859-1 zziplib - security update
        {CVE-2020-18442}
        [stretch] - zziplib 0.13.62-3.2~deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -80,10 +80,6 @@ nvidia-graphics-drivers
   NOTE: nvidia-graphics-drivers-legacy-390xx but will ask for more testing on 
the lts
   NOTE: mailing list tomorrow (apo)
 --
-paramiko (Utkarsh)
-  NOTE: 20211227: CVE-2018-7750 and CVE-2018-1000805 were fixed in DLA-1556-1
-  NOTE: 20211227: in jessie but are unfixed in stretch (bunk)
---
 pgbouncer (Christoph Berg)
   NOTE: 20211220: maintainer might want to upload fixed version
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39a73d266b49c903e8b776165999726ece6c8d0c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39a73d266b49c903e8b776165999726ece6c8d0c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to