[Git][security-tracker-team/security-tracker][master] 2 commits: Remove postponed entry for CVE-2019-1551/openssl1.0

Salvatore Bonaccorso carnil at debian.org
Wed Dec 25 20:17:26 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
423327f2 by Salvatore Bonaccorso at 2019-12-25T20:15:17Z
Remove postponed entry for CVE-2019-1551/openssl1.0

Notably the entry was wrong, since there is not openssl1.0 in buster,
but the update is now pending by a maintainers upload based on the new
security release.

- - - - -
28f0976b by Salvatore Bonaccorso at 2019-12-25T20:17:05Z
Add openssl1.0 to dsa-needed list

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -61373,7 +61373,6 @@ CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring proced
 	[stretch] - openssl <postponed> (Wait until next upstream security release)
 	[jessie] - openssl <not-affected> (Affected modules are not present in Jessie)
 	- openssl1.0 <removed> (low)
-	[buster] - openssl1.0 <postponed> (Wait until next upstream security release)
 	NOTE: https://www.openssl.org/news/secadv/20191206.txt
 	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98


=====================================
data/dsa-needed.txt
=====================================
@@ -45,6 +45,9 @@ nodejs
 nss/oldstable (jmm)
   Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508
 --
+openssl1.0/oldstable (jmm)
+  Update done by maintainer
+--
 poppler (jmm)
 --
 python3.5 (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/128e1b9e6496d8354d72222386f3d76058fab2a3...28f0976b557c8c67fb06bda2835603645b5c2048

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/128e1b9e6496d8354d72222386f3d76058fab2a3...28f0976b557c8c67fb06bda2835603645b5c2048
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191225/c9953933/attachment.html>

More information about the debian-security-tracker-commits mailing list