[Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: Triage ros-actionlib for stretch LTS (CVE-2020-10289).

Chris Lamb lamby at debian.org
Sat Aug 22 12:58:09 BST 2020



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94d5dc4d by Chris Lamb at 2020-08-22T12:54:44+01:00
data/dla-needed.txt: Triage ros-actionlib for stretch LTS (CVE-2020-10289).

- - - - -
5c2cedbc by Chris Lamb at 2020-08-22T12:55:17+01:00
Triage CVE-2019-14562 in edk2 for stretch LTS.

- - - - -
e86ee1cb by Chris Lamb at 2020-08-22T12:57:53+01:00
data/dla-needed.txt: Triage icingaweb2 for stretch LTS (CVE-2020-24368).

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -73403,6 +73403,7 @@ CVE-2019-14562
 	RESERVED
 	- edk2 <unfixed> (bug #968819)
 	[buster] - edk2 <no-dsa> (Minor issue)
+	[stretch] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
 CVE-2019-14561
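Review bot: The added `[stretch] - edk2 <no-dsa> (Minor issue)` line reuses the buster rationale word for word and records no reason why it also holds for stretch. The entry is still RESERVED and edk2 is `<unfixed>` under bug #968819, so a short NOTE saying what makes the issue minor for the stretch version would let a later reader re-check the decision without opening the two Bugzilla links.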


=====================================
data/dla-needed.txt
=====================================
@@ -90,6 +90,8 @@ guacamole-client (Mike Gabriel)
   NOTE: 20200815: The bad maintenance is not because of the maintainer, but because of upstream's delay to port the software
   NOTE: 20200815: over to the freerdp2 API. (sunweaver)
 --
+icingaweb2
+--
 inetutils (Adrian Bunk)
 --
 jetty9
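Review bot: The new `icingaweb2` entry has no NOTE line, so the file itself does not say which issue triggered the triage; CVE-2020-24368 appears only in the commit message. Consider a dated NOTE in the style of the neighbouring entries, for example `NOTE: 20200822: CVE-2020-24368 (lamby)`, so whoever claims the package sees the reason without consulting the git log.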
@@ -145,6 +147,10 @@ qtbase-opensource-src (Adrian Bunk)
   NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
   NOTE: 20200815: One could possibly look at the other <no-dsa> issues and decide whether they are worth fixing along. (sunweaver)
 --
+ros-actionlib
+  NOTE: 20200822: Marked as no-dsa in buster, but appears to be used in remote
+  NOTE: 20200822: IPC (?) so severity should be confirmed. (lamby)
+--
 ruby-actionpack-page-caching
   NOTE: 20200819: Upstream's patch on does not apply due to subsequent
   NOTE: 20200819: refactoring. However, a quick look at the private
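Review bot: The `ros-actionlib` NOTE leaves its central question open with `remote IPC (?)` and does not name the CVE, which is given only in the commit message (CVE-2020-10289). Naming the CVE in the NOTE and stating what exactly has to be confirmed would make it clear to the claimant that the first task is a severity check, and that the buster no-dsa marking may need revisiting depending on the outcome.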



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7a39a48a718acbb8644be6c07974270372bbaa1a...e86ee1cbc8695525dcee1fe4ff98b90537278bf5
