[Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: Add various php-horde-* components and claim them.

Mike Gabriel sunweaver at debian.org
Sat Aug 29 11:12:09 BST 2020



Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73171607 by Mike Gabriel at 2020-08-29T12:06:32+02:00
data/dla-needed.txt: Add various php-horde-* components and claim them.

- - - - -
42e89034 by Mike Gabriel at 2020-08-29T12:09:02+02:00
data/dla-needed.txt: Claim fossil.

- - - - -
59087f0c by Mike Gabriel at 2020-08-29T12:11:51+02:00
data/CVE/list: Update CVE-2020-17489; Switch it back to <no-dsa> for buster (fix via buster-pu); for stretch let's fix it via LTS upload.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -15139,8 +15139,7 @@ CVE-2020-17490
 	RESERVED
 CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
 	- gnome-shell 3.36.5-1 (bug #968311)
-	[buster] - gnome-shell <not-affected> (Visible passwords in GDM3/lock-screen only got introduced in GNOME 3.36)
-	[stretch] - gnome-shell <not-affected> (Visible passwords in GDM3/lock-screen only got introduced in GNOME 3.36)
+	[buster] - gnome-shell <no-dsa> (Visible passwords in GDM3/lock-screen introduced in 3.36, only password length revealed in earlier versions)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04


=====================================
data/dla-needed.txt
=====================================
@@ -74,7 +74,7 @@ firefox-esr (Emilio)
   NOTE: 20200720: working on ESR 78 backport. (pochu)
   NOTE: 20200810: backported llvm 10, looking into wasi-libc and rustc/cargo (pochu)
 --
-fossil
+fossil (Mike Gabriel)
 --
 freerdp (Mike Gabriel)
   NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby)
@@ -131,6 +131,14 @@ opendmarc
 --
 openexr (Adrian Bunk)
 --
+php-horde (Mike Gabriel)
+--
+php-horde-core (Mike Gabriel)
+--
+php-horde-kronolith (Mike Gabriel)
+--
+php-horde-tream (Mike Gabriel)
+--
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89d26b8bc4c476a87257e1f35ade4b6f8ad3bea4...59087f0cdbbdc1f49b28fe17e6987e7ffbed509d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89d26b8bc4c476a87257e1f35ade4b6f8ad3bea4...59087f0cdbbdc1f49b28fe17e6987e7ffbed509d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200829/cb724aa3/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list