[Git][security-tracker-team/security-tracker][master] stretch triage

Abhijith PA abhijith at debian.org
Sun Aug 2 05:46:27 BST 2020



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98f146be by Abhijith PA at 2020-08-02T10:15:57+05:30
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -739,6 +739,7 @@ CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were
 	NOT-FOR-US: Mida eFramework
 CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation  ...)
 	- claws-mail 3.17.6-1
+	[stretch] - claws-mail <no-dsa> (low priority issue)
 	NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
 CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...)
 	NOT-FOR-US: Tenda devices
@@ -4657,6 +4658,7 @@ CVE-2020-14348
 CVE-2020-14347 [X Server Pixel Data Uninitialized Memory Information Disclosure]
 	RESERVED
 	- xorg-server <unfixed>
+	[stretch] - xorg-server <postponed> (Minor issue, can be fixed along in next release)
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
 CVE-2020-14346
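Review bot: On the added `[stretch] - xorg-server <postponed>` line, the reason "can be fixed along in next release" does not say which release is meant; it can be read as the next upstream xorg-server release or as the next stretch upload of the package. Suggest wording that names the stretch update, so whoever picks the package up knows what the fix is waiting for. The entry is still marked RESERVED and `<unfixed>`, so the postponement should be revisited when that status changes.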
@@ -14034,6 +14036,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and  ...)
 	- bareos <unfixed> (bug #965985)
+	[stretch] - bareos <no-dsa> (minor issue, low priority)
 	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
 CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
 	- glpi <removed> (unimportant)
@@ -31638,6 +31641,7 @@ CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserial
 	NOT-FOR-US: phpMussel
 CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to  ...)
 	- bareos <unfixed> (bug #965985)
+	[stretch] - bareos <no-dsa> (minor issue, low priority)
 	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
 	NOT-FOR-US: Bolt CMS
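Review bot: The added `[stretch] - bareos <no-dsa> (minor issue, low priority)` line under CVE-2020-4042 repeats the reason given for CVE-2020-11061 word for word, and neither says why the issue is minor for stretch. The description here mentions a malicious client, so a short reason tied to the issue itself (the precondition or the affected component) would let a later reader check the decision against the linked advisory without redoing the triage.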


=====================================
data/dla-needed.txt
=====================================
@@ -52,6 +52,8 @@ condor (Roberto C. Sánchez)
   NOTE: 20200712: Requested input on path forward from debian-lts at l.d.o (roberto)
   NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
+evolution-data-server
+--
 firefox-esr (Emilio)
   NOTE: 20200720: working on ESR 78 backport. (Emilio)
 --
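Review bot: The new `evolution-data-server` entry has no NOTE, and nothing in the data/CVE/list part of this commit mentions that package, so the reason it needs a DLA cannot be read from the change. Suggest adding a dated NOTE line naming the CVE(s), in the same form as the jupyter-notebook entry in this file (`NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)`).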
@@ -73,6 +75,8 @@ jruby (Adrian Bunk)
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --
+libx11
+--
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
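Review bot: `libx11` is added directly below jupyter-notebook, whose entry records the CVE it is listed for, but the new entry gives no CVE id and the commit message only says "stretch triage". A one-line NOTE with the CVE id would tell the person who claims the package where to start.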



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98f146be45839b3b897b79544f48b8f6f97bc24f
