[Git][security-tracker-team/security-tracker][master] 2 commits: After investigating further, remove samba from dla-needed.txt; this is a minor...

Chris Lamb lamby at debian.org
Thu Apr 30 13:03:23 BST 2020



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2b97709 by Chris Lamb at 2020-04-30T13:03:13+01:00
After investigating further, remove samba from dla-needed.txt; this is a minor issue and the patch is very invasive (eg. http://paste.debian.net/plain/1143919 is big but not even complete)

- - - - -
fa74cfc2 by Chris Lamb at 2020-04-30T13:03:13+01:00
dla-needed.txt: Add drive-thru note for openldap.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5461,6 +5461,7 @@ CVE-2020-10704
 	- samba <unfixed>
 	[buster] - samba <postponed> (Can be fixed along in future DSA)
 	[stretch] - samba <postponed> (Can be fixed along in future DSA)
+	[jessie] - samba <postponed> (Minor issue and the patch is very invisible, eg. http://paste.debian.net/plain/1143919 is not even complete)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
 	NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html
 CVE-2020-10703 [Potential denial of service via active pool without target path]


=====================================
data/dla-needed.txt
=====================================
@@ -65,6 +65,7 @@ opendmarc (Thorsten Alteholz)
   NOTE: 20200420: still testing package, original patch does not seem to be enough, still ongoing
 --
 openldap (Roberto C. Sánchez)
+  NOTE: 20200430: Similar issue to samba's CVE-2020-10704. (lamby)
 --
 otrs2 (Abhijith PA)
   NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith)
@@ -78,8 +79,6 @@ php5 (Thorsten Alteholz)
 --
 qemu (Adrian Bunk)
 --
-samba (Chris Lamb)
---
 sqlite3 (Mike Gabriel)
 --
 squid3 (Markus Koschany)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/97c6ed9d85a5b635f1120ef618889cec0a6e3c22...fa74cfc2978eaef8a609668b5d3bea790b9e99dd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/97c6ed9d85a5b635f1120ef618889cec0a6e3c22...fa74cfc2978eaef8a609668b5d3bea790b9e99dd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200430/fffbb304/attachment.html>


More information about the debian-security-tracker-commits mailing list