[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags for ark/Stretch

Fri, 20 May 2022 05:00:59 -0700 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5376d8b1 by Markus Koschany at 2022-05-20T14:00:06+02:00
Remove no-dsa tags for ark/Stretch

- - - - -
b12d98d8 by Markus Koschany at 2022-05-20T14:00:39+02:00
Reserve DLA-3015-1 for ark

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -118546,7 +118546,6 @@ CVE-2020-24655 (A race condition in the Twilio Authy 
2-Factor Authentication app
 CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks 
can ins ...)
        {DSA-4759-1}
        - ark 4:20.08.1-1 (bug #969437)
-       [stretch] - ark <no-dsa> (Vulnerable even after upstream patch)
        NOTE: 
https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd
        NOTE: https://kde.org/info/security/advisory-20200827-1.txt
 CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the 
insecure kSecA ...)
@@ -136854,7 +136853,6 @@ CVE-2020-16117 (In GNOME evolution-data-server before 
3.35.91, a malicious serve
 CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted 
archive can ...)
        {DSA-4738-1}
        - ark 4:20.04.3-1
-       [stretch] - ark <no-dsa> (Intrusive to backport, partial patch for GUI 
https://people.debian.org/~abhijith/upload/backport_to_1608.patch)
        NOTE: https://kde.org/info/security/advisory-20200730-1.txt
        NOTE: 
https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
 CVE-2020-16115


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 May 2022] DLA-3015-1 ark - security update
+       {CVE-2020-16116 CVE-2020-24654}
+       [stretch] - ark 4:16.08.3-2+deb9u1
 [18 May 2022] DLA-3014-1 elog - security update
        {CVE-2020-8659}
        [stretch] - elog 3.1.2-1-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -28,9 +28,6 @@ ansible
   NOTE: 20220427: Lee Garrett (maintainer) took over the work a while ago. See
   NOTE: 20220427: https://salsa.debian.org/debian/ansible/-/commits/stretch/
 --
-ark (Markus Koschany)
-  NOTE: 20220424: programming language C
---
 asterisk (Abhijith PA)
   NOTE: 20220424: programming language C
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b861b8529c856cd414fb0f9c49439635c0b2bc1c...b12d98d82b911018568e8c2f7b88d50094a41059

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b861b8529c856cd414fb0f9c49439635c0b2bc1c...b12d98d82b911018568e8c2f7b88d50094a41059
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to