Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits: bacefb3b by Roberto C. Sánchez at 2020-12-20T13:01:33-05:00 LTS: stretch triage - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -128,6 +128,8 @@ php-horde-trean NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver) NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver) -- +postsrsd +-- reel NOTE: 20200909: it is now unmaintained. last commit was in Aug 2018. (utkarsh) -- @@ -181,6 +183,11 @@ spip (Abhijith PA) NOTE: Low priority for us. sec team did DSA-4798-1 (abhijith) NOTE: 20201220: package in stretch in unusable. Contacted maintainer (abhijith) -- +spotweb + NOTE: 20201220: The affected code (PHP!) uses string concatenation to construct a SQL query. + NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. + NOTE: 20201220: Yes, this is a dumpster fire. Claim this package at your own peril. (roberto) +-- wireshark NOTE: 20201007: during last triage, I marked some CVEs as no-dsa, it'd be great to include NOTE: 20201007: those fixes as well! \o/ (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bacefb3b1d441864774355876cf62a02583b7e7d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bacefb3b1d441864774355876cf62a02583b7e7d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits