[Git][security-tracker-team/security-tracker][master] 2 commits: Firefox seems to have a critical vulnerability needing a fix.
Ola Lundqvist
opal at debian.org
Sat Apr 4 12:23:13 BST 2020
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
746ff9c5 by Ola Lundqvist at 2020-04-04T13:16:37+02:00
Firefox seems to have a critical vulnerability needing a fix.
- - - - -
18180eda by Ola Lundqvist at 2020-04-04T13:22:54+02:00
No update needed for jessie for u-boot and viewvc. Followng decision for later releases.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2143,6 +2143,7 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b
- u-boot <unfixed>
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
+ [jessie] - u-boot <ignored> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
CVE-2020-10647
@@ -14355,6 +14356,7 @@ CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability i
- viewvc <removed>
[buster] - viewvc <no-dsa> (Minor issue)
[stretch] - viewvc <no-dsa> (Minor issue)
+ [jessie] - viewvc <no-dsa> (Minor issue)
NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg
NOTE: https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8
NOTE: https://github.com/viewvc/viewvc/issues/211
=====================================
data/dla-needed.txt
=====================================
@@ -16,6 +16,8 @@ ansible
bluez (Emilio)
NOTE: 20200330: wip
--
+firefox-esr
+--
graphicsmagick (Roberto C. Sánchez)
--
jackson-databind (Utkarsh Gupta)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/95e74980dc6e1ac677fb015e61d329d577d2c6dd...18180eda71bbec72628d0a0c49522fac91c525cd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/95e74980dc6e1ac677fb015e61d329d577d2c6dd...18180eda71bbec72628d0a0c49522fac91c525cd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200404/1c16245c/attachment.html>
More information about the debian-security-tracker-commits
mailing list