[Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: Add various php-horde-* components and claim them.
Mike Gabriel
sunweaver at debian.org
Sat Aug 29 11:12:09 BST 2020
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73171607 by Mike Gabriel at 2020-08-29T12:06:32+02:00
data/dla-needed.txt: Add various php-horde-* components and claim them.
- - - - -
42e89034 by Mike Gabriel at 2020-08-29T12:09:02+02:00
data/dla-needed.txt: Claim fossil.
- - - - -
59087f0c by Mike Gabriel at 2020-08-29T12:11:51+02:00
data/CVE/list: Update CVE-2020-17489; Switch it back to <no-dsa> for buster (fix via buster-pu); for stretch let's fix it via LTS upload.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -15139,8 +15139,7 @@ CVE-2020-17490
RESERVED
CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
- gnome-shell 3.36.5-1 (bug #968311)
- [buster] - gnome-shell <not-affected> (Visible passwords in GDM3/lock-screen only got introduced in GNOME 3.36)
- [stretch] - gnome-shell <not-affected> (Visible passwords in GDM3/lock-screen only got introduced in GNOME 3.36)
+ [buster] - gnome-shell <no-dsa> (Visible passwords in GDM3/lock-screen introduced in 3.36, only password length revealed in earlier versions)
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
=====================================
data/dla-needed.txt
=====================================
@@ -74,7 +74,7 @@ firefox-esr (Emilio)
NOTE: 20200720: working on ESR 78 backport. (pochu)
NOTE: 20200810: backported llvm 10, looking into wasi-libc and rustc/cargo (pochu)
--
-fossil
+fossil (Mike Gabriel)
--
freerdp (Mike Gabriel)
NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby)
@@ -131,6 +131,14 @@ opendmarc
--
openexr (Adrian Bunk)
--
+php-horde (Mike Gabriel)
+--
+php-horde-core (Mike Gabriel)
+--
+php-horde-kronolith (Mike Gabriel)
+--
+php-horde-tream (Mike Gabriel)
+--
puma
NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89d26b8bc4c476a87257e1f35ade4b6f8ad3bea4...59087f0cdbbdc1f49b28fe17e6987e7ffbed509d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89d26b8bc4c476a87257e1f35ade4b6f8ad3bea4...59087f0cdbbdc1f49b28fe17e6987e7ffbed509d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200829/cb724aa3/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list