[Git][security-tracker-team/security-tracker][master] 3 commits: data/CVE/list: wireshark/stretch not affected by CVE-2020-17499

Mike Gabriel sunweaver at debian.org
Sat Aug 15 14:14:52 BST 2020



Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b686d26c by Mike Gabriel at 2020-08-15T15:00:39+02:00
data/CVE/list: wireshark/stretch not affected by CVE-2020-17499

- - - - -
8959c85e by Mike Gabriel at 2020-08-15T15:05:53+02:00
data/dla-needed.txt: add yubico-piv-tool

- - - - -
fa6f220f by Mike Gabriel at 2020-08-15T15:14:33+02:00
data/CVE/list: mark CVE-2020-2433{0,1,2}/trousers/stretch as <ignored>. Service does not get launched as root.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -54,16 +54,19 @@ CVE-2020-24333
 	RESERVED
 CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
 	- trousers <unfixed>
+	[stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
 	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
 	NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
 CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
 	- trousers <unfixed>
+	[stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
 	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
 	NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
 CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
 	- trousers <unfixed>
+	[stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
 	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
 	NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
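Review bot: The ignore reason on the three added [stretch] lines says "tss service", while each CVE description names the tcsd daemon, and it covers only the init-script start path. Suggest naming the daemon in the reason, for example "tcsd gets started as non-root user via init script", and stating the account it runs as. The truncated descriptions ("If the tcsd daemon ...") leave out the condition, so the reason should tie back to it explicitly. Since the same text is repeated for CVE-2020-24330, CVE-2020-24331 and CVE-2020-24332, it is worth confirming that the non-root argument applies to each of the three issues individually.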
@@ -13737,6 +13740,7 @@ CVE-2020-17499
 	RESERVED
 CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
 	- wireshark 3.2.6-1
+	[stretch] - wireshark <not-affected> (Vulnerable compose_tvb code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html
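Review bot: The commit subject says wireshark/stretch is not affected by CVE-2020-17499, but the added [stretch] line sits under the CVE-2020-17498 entry. CVE-2020-17499 appears in this hunk only as the header context with a RESERVED line. The subject should name CVE-2020-17498 so that the log matches the data. The reason "Vulnerable compose_tvb code not present" would also be easier to re-check later if it named the stretch source version that was inspected.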


=====================================
data/dla-needed.txt
=====================================
@@ -187,3 +187,7 @@ xcftools
   NOTE: 20200523: Proposed fix https://github.com/j-jorge/xcftools/pull/15 (gladk)
   NOTE: 20200605: Patch https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch (gladk)
 --
+yubico-piv-tool
+  NOTE: 20200815: About CVE-2020-13131. Blog post available, but patch URLs seemingly not provided.
+  NOTE: 20200815: Needs deeper research. (sunweaver)
+--
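Review bot: The first added NOTE refers to a blog post about CVE-2020-13131 without giving its URL, and it carries no claimant tag, unlike the second NOTE "(sunweaver)" and the xcftools notes above, which end in "(gladk)". Suggest adding the blog post link and the "(sunweaver)" suffix on that line so that whoever picks up yubico-piv-tool starts from the same reference.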



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54d17f9ed798f9a298678e389a2ca3834947e1b9...fa6f220f759eae6570e41004db5a9bf6851975a6
