[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt

2020-04-19 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a73970c8 by Abhijith PA at 2020-04-20T10:19:32+05:30
update note in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -46,6 +46,7 @@ linux-4.9 (Ben Hutchings)
 mumble (Abhijith PA)
   NOTE: 20200325: Regression in last upload, forgot to follow up.
   NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)
+  NOTE: 20200420: Upstream patch is incomplete. Version in stretch is also 
vulnerable (abhijith)
 --
 nginx (Mike Gabriel)
 --
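
Review bot: The new 20200420 NOTE for mumble says the upstream patch is incomplete but gives no pointer to where that was established. The 20200325 note above links mumble-voip issue 3605, so either state that this is the same issue or add the relevant link. The remark that the stretch version is also vulnerable would be easier to act on if it were also recorded against the CVE entry in data/CVE/list.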



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73970c8c4782a24e69f345838ac78d5eca4c8fa

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] dla: still ongoing

2020-04-19 Thread Adrian Bunk


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb768cff by Adrian Bunk at 2020-04-20T07:33:38+03:00
dla: still ongoing

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -32,7 +32,7 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: is likely vulnerable
   NOTE: 20190428: some CVE testcases still fail after applying the fix,
   NOTE: 20190428: older changes seem to also be required for them
-  NOTE: 20200406: work is ongoing
+  NOTE: 20200420: work is ongoing
 --
 libntlm (Anton Gladky)
 --
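
Review bot: The libmatio change only moves the date on "work is ongoing" from 20200406 to 20200420, which overwrites the earlier status line and still does not say what is outstanding. The 20190428 notes record that some CVE testcases fail after applying the fix; a line naming which testcases or older changes remain would make the entry useful to anyone else looking at it.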



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb768cff2c7a0f91ed83c918be7bc9f68fb3c4ee


[Git][security-tracker-team/security-tracker][master] Add awl to dsa-needed list

2020-04-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6598864a by Salvatore Bonaccorso at 2020-04-20T05:40:39+02:00
Add awl to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -11,6 +11,9 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
+--
+awl
+  Maintainer proposed update
 --
 chromium
 --
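
Review bot: The new awl entry says "Maintainer proposed update" without a pointer to the proposal (bug number or list message) and without a release suffix, although the context line just above asks for the release to be given after a slash when needed. Adding both would let another team member find and review the proposed upload.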



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6598864a07b35e4414db18ab0f812faa6923757e


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-11647/wireshark

2020-04-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad5a9cd5 by Salvatore Bonaccorso at 2020-04-20T05:37:22+02:00
Add fixed version for CVE-2020-11647/wireshark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -907,7 +907,7 @@ CVE-2020-11649
 CVE-2020-11648
RESERVED
 CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 
2.6.15, the  ...)
-   - wireshark  (low; bug #958213)
+   - wireshark 3.2.3-1 (low; bug #958213)
[buster] - wireshark  (Can be fixed along in next 3.0.x DSA)
[stretch] - wireshark  (Can be fixed along in next 
DSA/update to 3.0)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad5a9cd50f70721a9f7e794b9ff65a39ae2b5bde


[Git][security-tracker-team/security-tracker][master] crawl bug filed

2020-04-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bdbd830b by Moritz Muehlenhoff at 2020-04-19T23:21:00+02:00
crawl bug filed
various no-dsa/postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -68,10 +68,14 @@ CVE-2020-11881
RESERVED
 CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using 
the prop ...)
- kmail  (bug #958054)
+   [buster] - kmail  (Minor issue)
- kdepim 
+   [stretch] - kdepim  (Minor issue)
NOTE: 
https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1
 CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By 
using th ...)
- evolution 3.36.0-1
+   [buster] - evolution  (Minor issue)
+   [stretch] - evolution  (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784
NOTE: 
https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7
 CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before 
stable-4 ...)
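
Review bot: For CVE-2020-11880 the kmail entry gains only a [buster] line and the kdepim entry only a [stretch] line, and nothing in the entry explains the split. A NOTE saying which release ships which source package would make that clear. "Minor issue" is also the only rationale given here and for the two evolution lines; a few words on why it is minor would help later triage.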
@@ -720,7 +724,9 @@ CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in 
sound/core/control.c in the L
 CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA 
private keys  ...)
NOT-FOR-US: Cellebrite UFED
 CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 
allows remote ...)
-   - crawl 
+   - crawl  (bug #958232)
+   [buster] - crawl  (Minor issue)
+   [stretch] - crawl  (Minor issue)
NOTE: 
https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
NOTE: 
https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
NOTE: 
https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
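
Review bot: The [buster] and [stretch] crawl lines are marked "Minor issue" although the description for CVE-2020-11722 begins "allows remote", and the entry gives no reason for the rating. A short NOTE on what limits the impact would justify the decision next to the upstream commit links already listed.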
@@ -901,7 +907,9 @@ CVE-2020-11649
 CVE-2020-11648
RESERVED
 CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 
2.6.15, the  ...)
-   - wireshark  (bug #958213)
+   - wireshark  (low; bug #958213)
+   [buster] - wireshark  (Can be fixed along in next 3.0.x DSA)
+   [stretch] - wireshark  (Can be fixed along in next 
DSA/update to 3.0)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html
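
Review bot: The wireshark line for CVE-2020-11647 gains a "low" urgency in the same edit that adds the release lines, and the commit message ("crawl bug filed / various no-dsa/postponed") does not mention it. A one-line NOTE giving the reason for the rating, for example drawn from the linked wnpa-sec-2020-07 advisory, would document it. The [buster] and [stretch] annotations also differ ("next 3.0.x DSA" versus "next DSA/update to 3.0"); if the difference is intentional it is fine, otherwise align the wording.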



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdbd830bd74a3fc1f573e0c5bc7bf165b7b31925


[Git][security-tracker-team/security-tracker][master] automatic update

2020-04-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e79ce484 by security tracker role at 2020-04-19T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2020-11914
+   RESERVED
+CVE-2020-11913
+   RESERVED
+CVE-2020-11912
+   RESERVED
+CVE-2020-11911
+   RESERVED
+CVE-2020-11910
+   RESERVED
+CVE-2020-11909
+   RESERVED
+CVE-2020-11908
+   RESERVED
+CVE-2020-11907
+   RESERVED
+CVE-2020-11906
+   RESERVED
+CVE-2020-11905
+   RESERVED
+CVE-2020-11904
+   RESERVED
+CVE-2020-11903
+   RESERVED
+CVE-2020-11902
+   RESERVED
+CVE-2020-11901
+   RESERVED
+CVE-2020-11900
+   RESERVED
+CVE-2020-11899
+   RESERVED
+CVE-2020-11898
+   RESERVED
+CVE-2020-11897
+   RESERVED
+CVE-2020-11896
+   RESERVED
+CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 
bytes) i ...)
+   TODO: check
+CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 
bytes) i ...)
+   TODO: check
+CVE-2020-11893
+   RESERVED
+CVE-2020-11892
+   RESERVED
+CVE-2020-11891
+   RESERVED
+CVE-2020-11890
+   RESERVED
+CVE-2020-11889
+   RESERVED
 CVE-2020-11888
RESERVED
 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript 
inside an  ...)
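
Review bot: CVE-2020-11895 and CVE-2020-11894 land with only "TODO: check", so the two Ming (libming) 0.4.8 heap-based buffer over-reads are not yet tied to a source package or marked NOT-FOR-US. As this is the automatic import, that is expected, but both need manual triage in a follow-up commit; the remaining additions are RESERVED placeholders and need nothing further.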
@@ -25181,6 +25233,7 @@ CVE-2020-1959
 CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, 
callers of ...)
- druid  (bug #825797)
 CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring 
dynamic ...)
+   {DLA-2181-1}
- shiro  (bug #955018)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
NOTE: Fixed by: 
https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e79ce484f73502ebe528f92f64fe678d7dcb3ab8


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-11647/wireshark

2020-04-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7ab47e1 by Salvatore Bonaccorso at 2020-04-19T21:14:45+02:00
Add Debian bug reference for CVE-2020-11647/wireshark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -849,7 +849,7 @@ CVE-2020-11649
 CVE-2020-11648
RESERVED
 CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 
2.6.15, the  ...)
-   - wireshark 
+   - wireshark  (bug #958213)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ab47e1b78e45c2cbb36e86fab52f58049b59c1


[Git][security-tracker-team/security-tracker][master] node-mqtt n/a

2020-04-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d1c3220 by Moritz Muehlenhoff at 2020-04-19T19:34:11+02:00
node-mqtt n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -159661,7 +159661,7 @@ CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX 
Plugin 4.47 might allow attacker
 CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers 
to execut ...)
NOT-FOR-US: IrfanView
 CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH 
tickets may le ...)
-   - node-mqtt 
+   - node-mqtt  (Fixed before initial upload)
 CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC 
version 1.0 ...)
NOT-FOR-US: Music Center for PC
 CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause 
a denia ...)
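
Review bot: The node-mqtt annotation "(Fixed before initial upload)" names no version, so the claim cannot be checked from this entry alone. The description puts the fix at MQTT.js 2.15.0; a NOTE giving the version of the first upload to the archive would show that it is at or above that release.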



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d1c322023c8baabe5fc07ac39806439a55b943c


[Git][security-tracker-team/security-tracker][master] node-mqtt entered the archive, move from itp status to unfixed for further checks

2020-04-19 Thread László Böszörményi


László Böszörményi pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b4d54a85 by Laszlo Boszormenyi (GCS) at 2020-04-19T16:04:02+00:00
node-mqtt entered the archive, move from itp status to unfixed for further 
checks

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -159661,7 +159661,7 @@ CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX 
Plugin 4.47 might allow attacker
 CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers 
to execut ...)
NOT-FOR-US: IrfanView
 CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH 
tickets may le ...)
-   - node-mqtt  (bug #816028)
+   - node-mqtt 
 CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC 
version 1.0 ...)
NOT-FOR-US: Music Center for PC
 CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause 
a denia ...)
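
Review bot: The node-mqtt line loses its "(bug #816028)" reference, and the commit message says the move is "for further checks", but nothing in the entry records that the new status is provisional. A TODO or NOTE line saying that the uploaded version still has to be compared against the 2.15.0 fix named in the description would keep the entry from reading as a confirmed open issue.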



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4d54a851ff50c2c8c35a392542bc2432fb2fb96


Processing 40c161df3c3745c138fbdb0b698549b61b1947bc failed

2020-04-19 Thread security tracker role
The error message was:

data/CVE/list:159663: ITPed package node-mqtt is in the archive
make: *** [Makefile:34: all] Error 1


[Git][security-tracker-team/security-tracker][master] Add and claim libntlm

2020-04-19 Thread Anton Gladky


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
40c161df by Anton Gladky at 2020-04-19T14:23:17+02:00
Add and claim libntlm

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -34,6 +34,8 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20200406: work is ongoing
 --
+libntlm (Anton Gladky)
+--
 libsixel (Dylan Aïssi)
   NOTE: 20200416 minor issue(s), not patch(es), yet.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40c161df3c3745c138fbdb0b698549b61b1947bc


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7067/PHP

2020-04-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5025eb5 by Salvatore Bonaccorso at 2020-04-19T13:05:32+02:00
Add CVE-2020-7067/PHP

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11785,8 +11785,14 @@ CVE-2020-7069
RESERVED
 CVE-2020-7068
RESERVED
-CVE-2020-7067
+CVE-2020-7067 [OOB Read in urldecode()]
RESERVED
+   - php7.4 7.4.5-1
+   - php7.3 
+   - php7.0 
+   - php5 
+   NOTE: Fixed in PHP 7.4.5, 7.3.17
+   NOTE: PHP Bug: https://bugs.php.net/79465
 CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x 
below  ...)
- php7.4 7.4.5-1
- php7.3 
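
Review bot: The NOTE added for CVE-2020-7067 gives upstream fix releases only for the 7.4 and 7.3 branches (7.4.5, 7.3.17), while entries are also added for php7.0 and php5. A NOTE on whether those older branches contain the affected urldecode() code, plus a link to the upstream commit alongside the bugs.php.net/79465 reference, would help whoever triages them.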



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5025eb50729b57356e56ed8df2223c92d3b6ca1


[Git][security-tracker-team/security-tracker][master] CVE-2020-706{4,5,6}/php7.4 fixed via unstable

2020-04-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4aa4a0be by Salvatore Bonaccorso at 2020-04-19T13:02:46+02:00
CVE-2020-706{4,5,6}/php7.4 fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11788,21 +11788,21 @@ CVE-2020-7068
 CVE-2020-7067
RESERVED
 CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x 
below  ...)
-   - php7.4 
+   - php7.4 7.4.5-1
- php7.3 
- php7.0 
- php5 
NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
NOTE: PHP Bug: https://bugs.php.net/79329
 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, 
while using ...)
-   - php7.4 
+   - php7.4 7.4.5-1
- php7.3 
- php7.0 
- php5 
NOTE: Fixed in PHP 7.4.4, 7.3.16
NOTE: PHP Bug: https://bugs.php.net/79371
 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x 
below  ...)
-   - php7.4 
+   - php7.4 7.4.5-1
- php7.3 
- php7.0 
- php5 
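
Review bot: The php7.4 fixed version recorded for CVE-2020-7066, CVE-2020-7065 and CVE-2020-7064 is 7.4.5-1, while the NOTE lines visible for 7066 and 7065 give the upstream fix as PHP 7.4.4. That is consistent if 7.4.5-1 is the first upload to unstable at or after 7.4.4; if an earlier 7.4.4-based upload existed, that version should be recorded instead.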



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa4a0be1d3983199c3c6997634769630eacfd9c


[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream commit reference for CVE-2019-17455/libntlm

2020-04-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9af9106 by Salvatore Bonaccorso at 2020-04-19T12:58:21+02:00
Add upstream commit reference for CVE-2019-17455/libntlm

- - - - -
272ef87f by Salvatore Bonaccorso at 2020-04-19T13:00:02+02:00
Track fixed version for CVE-2019-17455/libntlm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34596,11 +34596,12 @@ CVE-2019-17457
 CVE-2019-17456
RESERVED
 CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for 
tSmbNtlmAuthRequ ...)
-   - libntlm  (bug #942145)
+   - libntlm 1.6-1 (bug #942145)
[buster] - libntlm  (Minor issue)
[stretch] - libntlm  (Minor issue)
[jessie] - libntlm  (Minor issue)
NOTE: https://gitlab.com/jas/libntlm/issues/2
+   NOTE: 
https://gitlab.com/jas/libntlm/-/commit/b967886873fcf19f816b9c0868465f2d9e5df85e
 CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_Descriptor::GetTa ...)
NOT-FOR-US: Bento4
 CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_DescriptorListWri ...)
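
Review bot: The NOTE added for CVE-2019-17455 is a bare commit URL and does not say what the commit is; prefixing it with "Fixed by:" would tell readers it is the fix rather than related context. The recorded version 1.6-1 matches the description's "through 1.5". The [buster], [stretch] and [jessie] lines are unchanged, so the commit reference is what any backport would start from and deserves the explicit label.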



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bb1041b0133242cfc3660efb016a2ff6d7e5b721...272ef87fc74d209c9f289577a0a6f9e1e3caaf43


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2181-1 for shiro

2020-04-19 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb1041b0 by Chris Lamb at 2020-04-19T10:29:36+01:00
Reserve DLA-2181-1 for shiro

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[19 Apr 2020] DLA-2181-1 shiro - security update
+   {CVE-2020-1957}
+   [jessie] - shiro 1.2.3-1+deb8u1
 [18 Apr 2020] DLA-2180-1 file-roller - security update
{CVE-2020-11736}
[jessie] - file-roller 3.14.1-1+deb8u2


=
data/dla-needed.txt
=
@@ -63,14 +63,6 @@ ruby-rack
   NOTE: slight possibility of this patch inducing a backdoor on its own. 
(utkarsh2102)
   NOTE: 20200216: Discussion ongoing on -lts list. (lamby)
 --
-shiro (Chris Lamb)
-  NOTE: 20200329: https://github.com/apache/shiro/pull/203 (lamby)
-  NOTE: 20200329: See 53dc30bf6823c98 in this repo. (lamby)
-  NOTE: 20200402: Prepared a package but difficult running tests. Have asked
-  NOTE: 20200402: the Debian maintainer at https://bugs.debian.org/955018#12
-  NOTE: 20200411: Pinged maintainer and LTS list. (lamby)
-  NOTE: 20200415: Further work with another ping to bug. (lamby)
---
 sqlite3 (Mike Gabriel)
 --
 squid3 (Markus Koschany)
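
Review bot: Removing the shiro block from dla-needed.txt also drops the 20200402 notes saying that running the package tests was difficult and that the maintainer was asked at bugs.debian.org/955018#12, and the change does not say how that was resolved. If the jessie upload 1.2.3-1+deb8u1 went out without the test suite being run, a NOTE on CVE-2020-1957 would keep that caveat on record.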



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb1041b0133242cfc3660efb016a2ff6d7e5b721
