Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits: 17c1f2b5 by Brian May at 2021-01-18T08:17:41+11:00 Reserve DLA-2527-1 for snapd - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[18 Jan 2021] DLA-2527-1 snapd - security update + {CVE-2019-11840} + [stretch] - snapd 2.21-2+deb9u1 [15 Jan 2021] DLA-2526-1 ruby-redcarpet - security update {CVE-2020-26298} [stretch] - ruby-redcarpet 3.3.4-2+deb9u1 ===================================== data/dla-needed.txt ===================================== @@ -124,11 +124,6 @@ slirp (pu-Thorsten Alteholz) NOTE: update has to done in sid->buster->stretch NOTE: 20200401: waiting for pu -- -snapd (Brian May) - NOTE: Needs rebuild for CVE-2019-11840 in golang-go.crypto. - NOTE: Problems with upload. - NOTE: 2020-01-13 Still waiting for response from ftp-master. --- spotweb NOTE: 20201220: The affected code (PHP!) uses string concatenation to construct a SQL query. NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c1f2b550eb4e91ddea88edaab75c55f2d5ecd5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c1f2b550eb4e91ddea88edaab75c55f2d5ecd5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits