Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 08cbb2ff by Thorsten Alteholz at 2020-12-06T17:04:06+01:00 mark CVE-2020-27818 as no-dsa for Stretch - - - - - 6f10c86e by Thorsten Alteholz at 2020-12-06T17:05:17+01:00 mark CVE-2020-27821 as postponed for Stretch - - - - - 9a70de2d by Thorsten Alteholz at 2020-12-06T17:09:56+01:00 mark CVE-2020-29562 as no-dsa for Stretch - - - - - 7e763b66 by Thorsten Alteholz at 2020-12-06T17:10:35+01:00 mark CVE-2020-29573 as no-dsa for Stretch - - - - - 8725f0a1 by Thorsten Alteholz at 2020-12-06T17:14:02+01:00 add golang-websocket - - - - - 10f47fcf by Thorsten Alteholz at 2020-12-06T17:17:00+01:00 mark CVE-2020-17521 as no-dsa for Stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -36,6 +36,7 @@ CVE-2020-29574 RESERVED CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) befo ...) - glibc <unfixed> + [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26649 NOTE: https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61 @@ -64,6 +65,7 @@ CVE-2020-29563 RESERVED CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2 ...) - glibc <unfixed> (bug #976391) + [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26923 NOTE: https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html CVE-2020-29561 (An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does ...) 
@@ -6885,6 +6887,7 @@ CVE-2020-27822 CVE-2020-27821 [heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c] RESERVED - qemu <unfixed> + [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651 CVE-2020-27820 [use-after-free in nouveau kernel module] RESERVED @@ -6897,6 +6900,7 @@ CVE-2020-27818 RESERVED - pngcheck 2.3.0-13 (bug #976350) [buster] - pngcheck <no-dsa> (Minor issue) + [stretch] - pngcheck <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011 NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch CVE-2020-27817 @@ -29095,6 +29099,7 @@ CVE-2020-17522 CVE-2020-17521 [Information Disclosure] RESERVED - groovy <unfixed> + [stretch] - groovy <no-dsa> (Minor issue) - groovy2 <removed> NOTE: https://issues.apache.org/jira/browse/GROOVY-9824 NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1 ===================================== data/dla-needed.txt ===================================== @@ -51,6 +51,8 @@ firmware-nonfree (Emilio) -- golang-golang-x-net-dev -- +golang-websocket +-- influxdb -- intel-microcode View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4fb490c27e8bfa2c7a60c775a19d2598a708c18...10f47fcfa30572abf1b592aea6b69ac285529086 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4fb490c27e8bfa2c7a60c775a19d2598a708c18...10f47fcfa30572abf1b592aea6b69ac285529086 You're receiving this email because of your account on salsa.debian.org.
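Review bot: In the CVE-2020-29562 hunk of data/CVE/list (@@ -64,6 +65,7 @@), the added `[stretch] - glibc <no-dsa> (Minor issue)` records stretch as affected, yet the truncated description on the CVE line gives 2.30 as the start of the affected range ("2.30 to 2 ..."). If stretch's glibc is older than that and the vulnerable iconv code is absent, `[stretch] - glibc <not-affected> (Vulnerable code not present)` would be the accurate state. Otherwise, a NOTE saying the stretch version was checked and found affected would explain why no-dsa applies.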
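Review bot: The `[stretch] - qemu <postponed> (Fix along in future DLA)` line added under CVE-2020-27821 (@@ -6885,6 +6887,7 @@) defers a heap buffer overflow in msix_table_mmio_write() while the entry's only reference is the Red Hat bug. A NOTE pointing at the upstream fix commit, added once one exists, would let whoever prepares that future DLA find the patch from this entry instead of having to search for it again.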
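Review bot: The `golang-websocket` entry added to data/dla-needed.txt (@@ -51,6 +51,8 @@) names no issue. It has no NOTE line, the commit message says only "add golang-websocket", and none of the data/CVE/list hunks in this push touches that package. A NOTE line under the package naming the CVE that prompted the entry would tell whoever claims it what needs fixing.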