[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2020-24241 and CVE-2020-24242 for as no-dsa for Stretch

Thorsten Alteholz alteholz at debian.org
Thu Aug 27 13:40:01 BST 2020 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e20d057f by Thorsten Alteholz at 2020-08-27T14:39:37+02:00
mark CVE-2020-24241 and CVE-2020-24242 for as no-dsa for Stretch

- - - - -
c9b0ac91 by Thorsten Alteholz at 2020-08-27T14:39:39+02:00
mark CVE-2020-8624 as not-affected for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -963,10 +963,12 @@ CVE-2020-24243
 	RESERVED
 CVE-2020-24242 (In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...)
 	- nasm 2.15.04-1
+	[stretch] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392708
 	NOTE: https://github.com/netwide-assembler/nasm/commit/6299a3114ce0f3acd55d07de201a8ca2f0a83059
 CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in  ...)
 	- nasm 2.15.04-1
+	[stretch] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392707
 	NOTE: https://github.com/netwide-assembler/nasm/commit/6ac6ac57e3d01ea8ed4ea47706eb724b59176461
 	NOTE: https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c
@@ -37820,6 +37822,7 @@ CVE-2020-8625
 	RESERVED
 CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21 ...)
 	- bind9 1:9.16.6-1 (bug #966497)
+	[stretch] - bind9 <not-affected> (Vulnerable code (dns_ssu_mtypefromstring()) introduced later)
 	NOTE: https://kb.isc.org/docs/cve-2020-8624
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/7630a64141a997b5247d9ad4a7dfff6ac6d9a485 (v9_16_6)
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/5bf457e89a3fdc355aad74140f5e010b42d1df82 (v9_16_6)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/da66790f7ee97d922bce1786c2990e14d3d3d708...c9b0ac912429537bb4a881df2f50706aeb6d2afe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/da66790f7ee97d922bce1786c2990e14d3d3d708...c9b0ac912429537bb4a881df2f50706aeb6d2afe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200827/d1b1298e/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list