Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 40a2d6c0 by Thorsten Alteholz at 2020-10-29T17:01:23+01:00 Reserve DLA-2419-1 for dompurify.js - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[29 Oct 2020] DLA-2419-1 dompurify.js - security update + {CVE-2019-16728 CVE-2020-26870} + [stretch] - dompurify.js 0.8.2~dfsg1-1+deb9u1 [29 Oct 2020] DLA-2418-1 libsndfile - security update {CVE-2017-6892 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2018-19661 CVE-2018-19662 CVE-2018-19758 CVE-2019-3832} [stretch] - libsndfile 1.0.27-3+deb9u1 ===================================== data/dla-needed.txt ===================================== @@ -61,9 +61,6 @@ condor NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o (roberto) NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto) -- -dompurify.js (Thorsten Alteholz) - NOTE: 20201013: Package only in stretch - needs investigation to identify patch. (lamby) --- f2fs-tools NOTE: 20200815: About CVE-2020-6070. The fix got introduced between 1.12.0 and 1.13.0, but it is not trivial to NOTE: 20200815: to detect which of the patches correlates to the CVE. Contacting upstream might be necessary. (sunweaver) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40a2d6c0280da5a0b4aeeee5f3900142b17073a0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40a2d6c0280da5a0b4aeeee5f3900142b17073a0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits