[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Wed Dec 2 18:37:43 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbb05856 by Moritz Muehlenhoff at 2020-12-02T19:37:20+01:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -122,6 +122,7 @@ CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q=
 	NOT-FOR-US: EventON plugin for WordPress
 CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c in d ...)
 	- dlt-daemon 2.18.5-0.3 (bug #976228)
+	[buster] - dlt-daemon <no-dsa> (Minor issue)
 	NOTE: https://github.com/GENIVI/dlt-daemon/issues/274
 	NOTE: https://github.com/GENIVI/dlt-daemon/pull/275
 	NOTE: https://github.com/GENIVI/dlt-daemon/commit/ff4f44c159df6f44b48bd38c9d2f104eb360be11
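Review bot: The added `[buster] - dlt-daemon <no-dsa> (Minor issue)` line gives no reason why a bug described as a buffer overflow in dlt_filter_load counts as minor. A short NOTE under the entry saying what limits the impact would let whoever revisits this for a point release check the decision without re-reading the upstream issue.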
@@ -686,12 +687,14 @@ CVE-2020-29131
 CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...)
 	- libslirp <unfixed>
 	- qemu 1:4.1-2
+	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA, when fixed upstream)
 	NOTE: https://lists.freedesktop.org/archives/slirp/2020-November/000115.html
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...)
 	- libslirp <unfixed>
 	- qemu 1:4.1-2
+	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA, when fixed upstream)
 	NOTE: https://lists.freedesktop.org/archives/slirp/2020-November/000115.html
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
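Review bot: Both added `[buster] - qemu <postponed> (Fix along in future DSA)` lines drop the "when fixed upstream" qualifier that the neighbouring stretch lines carry, although libslirp is still `<unfixed>` in both entries. Using the same wording for buster would make it clear the postponement is waiting on an upstream fix and not only on the next qemu DSA.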
@@ -1117,6 +1120,7 @@ CVE-2020-28936
 CVE-2020-28935
 	RESERVED
 	- unbound <unfixed>
+	[buster] - unbound <no-dsa> (Minor issue)
 	[stretch] - unbound <end-of-life> (DSA 4694-1)
 	NOTE: https://github.com/NLnetLabs/unbound/issues/303
 	NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/ad387832979b6ce4c93f64fe706301cd7d034e87 (release-1.13.0rc1)
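Review bot: The `<no-dsa>` decision for buster is recorded on an entry that is still RESERVED and has no description, so the two NOTE URLs are the only indication of what the issue is. Consider adding a bracketed one-line summary after the CVE id, in the form the CVE-2020-28916 entry uses, so the "Minor issue" rating can be read in context.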
@@ -1176,6 +1180,7 @@ CVE-2020-28917 (An issue was discovered in the view_statistics (aka View fronten
 CVE-2020-28916 [e1000e: infinite loop scenario in case of null packet descriptor]
 	RESERVED
 	- qemu <unfixed>
+	[buster] - qemu <postponed> (Fix along in future DSA)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
 CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon code in the ...)
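Review bot: The new `[buster] - qemu <postponed>` line for CVE-2020-28916 points at a future DSA, but the entry lists only the oss-security and qemu-devel threads and qemu is `<unfixed>`. A follow-up NOTE with the upstream fix commit, once there is one, would give the eventual DSA a patch to pick up.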
@@ -11317,6 +11322,7 @@ CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper esca
 	- mantis <removed>
 CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x befo ...)
 	- pdns-recursor 4.3.5-1 (bug #972159)
+	[buster] - pdns-recursor <no-dsa> (Minor issue)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
 CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through ...)
 	{DSA-4767-1 DLA-2379-1}
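Review bot: `[buster] - pdns-recursor <no-dsa> (Minor issue)` downgrades a package that this same commit removes from data/dsa-needed.txt, and nothing in the entry says what changed. A NOTE giving the reason for moving it from the DSA queue to no-dsa would keep the two files explainable together.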


=====================================
data/dsa-needed.txt
=====================================
@@ -25,11 +25,9 @@ linux (carnil)
 --
 netty
 --
-pdns-recursor
---
 salt
 --
-thunderbird
+thunderbird (jmm)
 --
 xcftools
   Hugo proposed to work on this update
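Review bot: The `thunderbird (jmm)` line is a claim on an update and not a triage decision, yet it rides along under the commit message "buster triage". Either mention the claim in the message or commit it separately, so the history of data/dsa-needed.txt shows when thunderbird was taken. The pdns-recursor removal, with its `--` separator, is consistent with the no-dsa tag added in data/CVE/list.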



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbb058566811673796cb5ddf0164309bede0c82b
