Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6db1280f by Markus Koschany at 2019-11-09T15:49:13Z Remove polarssl from dla-needed.txt - - - - - c80cac49 by Markus Koschany at 2019-11-09T15:50:27Z CVE-2019-16910,polarssl: Mark as no-dsa for Jessie. The fix is intrusive and API changes are required, compared to the potential attack vector, this is a minor issue. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -7856,6 +7856,7 @@ CVE-2019-16910 (Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, whe [buster] - mbedtls <no-dsa> (Minor issue) [stretch] - mbedtls <no-dsa> (Minor issue) - polarssl <removed> + [jessie] - polarssl <no-dsa> (Minor issue, backport intrusive because of API changes) NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10 NOTE: https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd (2.7.12) NOTE: https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b (2.16.3) ===================================== data/dla-needed.txt ===================================== @@ -106,8 +106,6 @@ php-horde-groupware (Mike Gabriel) php-horde-trean (Mike Gabriel) NOTE: 20191030: No upstream fix, yet. (sunweaver) -- -polarssl --- python-reportlab (Hugo Lefeuvre) NOTE: 20191104: still no upstream fix -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2d46eb74e83499dd96ca47f63a1ccab5b3da4960...c80cac49e749bd6601ae227faf62bb1402f55b58 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2d46eb74e83499dd96ca47f63a1ccab5b3da4960...c80cac49e749bd6601ae227faf62bb1402f55b58 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits