[Git][security-tracker-team/security-tracker][master] jessie and stretch are not affected. strutils.py in oslo.utils is

Abhijith PA abhijith at debian.org
Fri Dec 20 08:39:16 GMT 2019 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72973843 by Abhijith PA at 2019-12-20T08:37:23Z
jessie and stretch are not affected. strutils.py in oslo.utils is
doing its job but code changed to rewrite pattern which in turn
used for another module mistral-lib. Mistral-lib is absent in
jessie and stretch.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -52748,6 +52748,8 @@ CVE-2019-3867
 	NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
 CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...)
 	- python-oslo.utils <unfixed> (low; bug #946060)
+	[jessie] - python-oslo.utils <not-affected> (regex pattern rewrite)
+	[stretch] - python-oslo.utils <not-affected> (regex pattern rewrite)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768731
 	NOTE: https://bugs.launchpad.net/tripleo/+bug/1850843
 	NOTE: https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221


=====================================
data/dla-needed.txt
=====================================
@@ -73,9 +73,6 @@ otrs2 (Abhijith PA)
 --
 php5 (Thorsten Alteholz)
 --
-python-oslo.utils (Abhijith PA)
-  NOTE: Affected code seems to be in oslo/utils/strutils.py. (utkarsh2102)
---
 python-reportlab (Hugo Lefeuvre)
   NOTE: 20191209: still no upstream fix
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72973843a30b38ef2e24c9d706308f135aed8580

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72973843a30b38ef2e24c9d706308f135aed8580
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191220/0d3e834c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list