<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Markus Koschany pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6b1dfbb9bd265a043ac20df4d21e0f7da5f205">da6b1dfb</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2021-08-11T15:24:11+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark CVE-2020-25678,  CVE-2021-20288, ceph as no-dsa for Stretch

and postpone CVE-2020-27781

CVE-2021-20288

The fix is to implement a new option to disallow unauthorized global_id reuse and to make

a distinction between legacy clients and new clients. The risks are too high in this case

to break setups which rely on the current behavior. For legacy clients like the

ones in Jessie the default behavior will be permissive for the foreseeable

future hence there is no need to implement a possibly disruptive change.

CVE-2020-25678

Sensitive information are only visible in debug mode.

A simple workaround would be to make the log files not world-readable

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6b1dfbb9bd265a043ac20df4d21e0f7da5f205#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6b1dfbb9bd265a043ac20df4d21e0f7da5f205">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6b1dfbb9bd265a043ac20df4d21e0f7da5f205"}}</script>

</p>

</div>

</body>

</html>