[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2020-27818 as no-dsa for Stretch

Thorsten Alteholz alteholz at debian.org
Sun Dec 6 16:18:43 GMT 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08cbb2ff by Thorsten Alteholz at 2020-12-06T17:04:06+01:00
mark CVE-2020-27818 as no-dsa for Stretch

- - - - -
6f10c86e by Thorsten Alteholz at 2020-12-06T17:05:17+01:00
mark CVE-2020-27821 as postponed for Stretch

- - - - -
9a70de2d by Thorsten Alteholz at 2020-12-06T17:09:56+01:00
mark CVE-2020-29562 as no-dsa for Stretch

- - - - -
7e763b66 by Thorsten Alteholz at 2020-12-06T17:10:35+01:00
mark CVE-2020-29573 as no-dsa for Stretch

- - - - -
8725f0a1 by Thorsten Alteholz at 2020-12-06T17:14:02+01:00
add golang-websocket

- - - - -
10f47fcf by Thorsten Alteholz at 2020-12-06T17:17:00+01:00
mark CVE-2020-17521 as no-dsa for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -36,6 +36,7 @@ CVE-2020-29574
 	RESERVED
 CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) befo ...)
 	- glibc <unfixed>
+	[stretch] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26649
 	NOTE: https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61
@@ -64,6 +65,7 @@ CVE-2020-29563
 	RESERVED
 CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2 ...)
 	- glibc <unfixed> (bug #976391)
+	[stretch] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26923
 	NOTE: https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html
 CVE-2020-29561 (An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does ...)
@@ -6885,6 +6887,7 @@ CVE-2020-27822
 CVE-2020-27821 [heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c]
 	RESERVED
 	- qemu <unfixed>
+	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
 CVE-2020-27820 [use-after-free in nouveau kernel module]
 	RESERVED
@@ -6897,6 +6900,7 @@ CVE-2020-27818
 	RESERVED
 	- pngcheck 2.3.0-13 (bug #976350)
 	[buster] - pngcheck <no-dsa> (Minor issue)
+	[stretch] - pngcheck <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
 	NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
 CVE-2020-27817
@@ -29095,6 +29099,7 @@ CVE-2020-17522
 CVE-2020-17521 [Information Disclosure]
 	RESERVED
 	- groovy <unfixed>
+	[stretch] - groovy <no-dsa> (Minor issue)
 	- groovy2 <removed>
 	NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
 	NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1


=====================================
data/dla-needed.txt
=====================================
@@ -51,6 +51,8 @@ firmware-nonfree (Emilio)
 --
 golang-golang-x-net-dev
 --
+golang-websocket
+--
 influxdb
 --
 intel-microcode



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4fb490c27e8bfa2c7a60c775a19d2598a708c18...10f47fcfa30572abf1b592aea6b69ac285529086

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4fb490c27e8bfa2c7a60c775a19d2598a708c18...10f47fcfa30572abf1b592aea6b69ac285529086
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201206/283a42f0/attachment.html>


More information about the debian-security-tracker-commits mailing list