[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Mon Aug 31 18:56:09 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcaf52a8 by Moritz Muehlenhoff at 2020-08-31T19:55:46+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -342,6 +342,7 @@ CVE-2020-24862
 	RESERVED
 CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...)
 	- rust-rgb <unfixed> (bug #969213)
+	[buster] - rust-rgb <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html
 	NOTE: https://github.com/kornelski/rust-rgb/issues/35
 CVE-2020-24861
@@ -15163,6 +15164,7 @@ CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution vi
 	NOT-FOR-US: vBulletin
 CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
 	- python-django-celery-results <unfixed> (bug #968305)
+	[buster] - python-django-celery-results <no-dsa> (Minor issue)
 	NOTE: https://github.com/celery/django-celery-results/issues/142
 CVE-2020-17494
 	RESERVED
@@ -19981,6 +19983,7 @@ CVE-2020-15357
 	RESERVED
 CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
 	- sqlite3 3.32.3-1
+	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
 	NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
@@ -27597,6 +27600,7 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be
 CVE-2020-12403
 	RESERVED
 	- nss 2:3.55-1
+	[buster] - nss <no-dsa> (Minor issue)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
 	NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
@@ -39714,6 +39718,7 @@ CVE-2020-8160
 	RESERVED
 CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...)
 	- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
+	[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
 	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
 CVE-2020-8158
 	RESERVED
@@ -86149,6 +86154,7 @@ CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability all
 	NOT-FOR-US: GAT-Ship Web Module
 CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...)
 	- ruby-omniauth <unfixed>
+	[buster] - ruby-omniauth <no-dsa> (Minor issue)
 	[stretch] - ruby-omniauth <no-dsa> (Minor issue)
 	[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)
 	NOTE: https://github.com/omniauth/omniauth/pull/809


=====================================
data/dsa-needed.txt
=====================================
@@ -22,6 +22,8 @@ knot-resolver
 linux (carnil)
   Wait until more issues have piled up
 --
+qemu
+--
 rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcaf52a8d35f813ca8125f4425ed4a2c7b953bcb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcaf52a8d35f813ca8125f4425ed4a2c7b953bcb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200831/9a1dc88c/attachment.html>

More information about the debian-security-tracker-commits mailing list