[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2020-9431 as not-affected for wireshark

Thu Apr 30 16:14:26 BST 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab3cfe9d by Thorsten Alteholz at 2020-04-30T17:10:54+02:00
mark CVE-2020-9431 as not-affected for wireshark

- - - - -
c77baab3 by Thorsten Alteholz at 2020-04-30T17:13:48+02:00
CVE-2016-10375 will be fixed with upload to Jessie

- - - - -
0fcfd555 by Thorsten Alteholz at 2020-04-30T17:14:14+02:00
Reserve DLA-2194-1 for yodl

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8414,7 +8414,7 @@ CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
 	- wireshark 3.2.2-1
 	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
 	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
-	[jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
+	[jessie] - wireshark <not-affected> (composite TVB handling added later)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
@@ -166771,7 +166771,6 @@ CVE-2016-10376 (Gajim through 0.16.7 unconditionally implements the "XEP-0146: R
 CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function  ...)
 	{DLA-976-1}
 	- yodl 3.07.01-1
-	[jessie] - yodl <no-dsa> (Minor issue)
 	NOTE: https://github.com/fbb-git/yodl/issues/1
 	NOTE: https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
 CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the  ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Apr 2020] DLA-2194-1 yodl - security update
+	{CVE-2016-10375}
+	[jessie] - yodl 3.04.00-1+deb8u1
 [28 Apr 2020] DLA-2193-1 openjdk-7 - security update
 	{CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830}
 	[jessie] - openjdk-7 7u261-2.6.22-1~deb8u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8ecbffd6ae2bb1e8f7e51050542b24dd634da064...0fcfd55544a7553567b6a9de34be4fb3b95b55f3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8ecbffd6ae2bb1e8f7e51050542b24dd634da064...0fcfd55544a7553567b6a9de34be4fb3b95b55f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200430/4b30bfce/attachment.html>
