[Git][security-tracker-team/security-tracker][master] 2 commits: Remove polarssl from dla-needed.txt

Markus Koschany apo at debian.org
Sat Nov 9 15:57:20 GMT 2019 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6db1280f by Markus Koschany at 2019-11-09T15:49:13Z
Remove polarssl from dla-needed.txt

- - - - -
c80cac49 by Markus Koschany at 2019-11-09T15:50:27Z
CVE-2019-16910,polarssl: Mark as no-dsa for Jessie.

The fix is intrusive and API changes are required, compared to the potential
attack vector, this is a minor issue.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7856,6 +7856,7 @@ CVE-2019-16910 (Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, whe
 	[buster] - mbedtls <no-dsa> (Minor issue)
 	[stretch] - mbedtls <no-dsa> (Minor issue)
 	- polarssl <removed>
+	[jessie] - polarssl <no-dsa> (Minor issue, backport intrusive because of API changes)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd (2.7.12)
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b (2.16.3)


=====================================
data/dla-needed.txt
=====================================
@@ -106,8 +106,6 @@ php-horde-groupware (Mike Gabriel)
 php-horde-trean (Mike Gabriel)
   NOTE: 20191030: No upstream fix, yet. (sunweaver)
 --
-polarssl
---
 python-reportlab (Hugo Lefeuvre)
   NOTE: 20191104: still no upstream fix
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2d46eb74e83499dd96ca47f63a1ccab5b3da4960...c80cac49e749bd6601ae227faf62bb1402f55b58

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2d46eb74e83499dd96ca47f63a1ccab5b3da4960...c80cac49e749bd6601ae227faf62bb1402f55b58
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191109/3e2b1e2a/attachment.html>

More information about the debian-security-tracker-commits mailing list