Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
40a2d6c0 by Thorsten Alteholz at 2020-10-29T17:01:23+01:00
Reserve DLA-2419-1 for dompurify.js
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Oct 2020] DLA-2419-1 dompurify.js - security update
+ {CVE-2019-16728 CVE-2020-26870}
+ [stretch] - dompurify.js 0.8.2~dfsg1-1+deb9u1
[29 Oct 2020] DLA-2418-1 libsndfile - security update
{CVE-2017-6892 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634
CVE-2018-19661 CVE-2018-19662 CVE-2018-19758 CVE-2019-3832}
[stretch] - libsndfile 1.0.27-3+deb9u1
=====================================
data/dla-needed.txt
=====================================
@@ -61,9 +61,6 @@ condor
NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o
(roberto)
NOTE: 20200727: Waiting on maintainer feedback:
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
--
-dompurify.js (Thorsten Alteholz)
- NOTE: 20201013: Package only in stretch - needs investigation to identify
patch. (lamby)
---
f2fs-tools
NOTE: 20200815: About CVE-2020-6070. The fix got introduced between 1.12.0
and 1.13.0, but it is not trivial to
NOTE: 20200815: to detect which of the patches correlates to the CVE.
Contacting upstream might be necessary. (sunweaver)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40a2d6c0280da5a0b4aeeee5f3900142b17073a0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40a2d6c0280da5a0b4aeeee5f3900142b17073a0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
