[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2020-11867 in audacity for stretcn LTS (Minor issue).

Wed Dec 9 10:12:24 GMT 2020


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f95f28f by Chris Lamb at 2020-12-09T10:07:14+00:00
Triage CVE-2020-11867 in audacity for stretcn LTS (Minor issue).

- - - - -
69827f7c by Chris Lamb at 2020-12-09T10:08:13+00:00
data/dla-needed.txt: Triage openssl for stretch LTS (CVE-2020-1971).

- - - - -
81f6a048 by Chris Lamb at 2020-12-09T10:10:47+00:00
data/dla-needed.txt: Triage curl for stretch LTS (CVE-2020-8284, CVE-2020-8285 & CVE-2020-8286).

- - - - -
e9a5f97c by Chris Lamb at 2020-12-09T10:12:00+00:00
data/dla-needed.txt: Triage openssl1.0 for stretch LTS (CVE-2020-1971).

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -44795,6 +44795,7 @@ CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an o
 CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USE ...)
 	- audacity <unfixed> (bug #976874)
 	[buster] - audacity <no-dsa> (Minor issue)
+	[stretch] - audacity <no-dsa> (Minor issue)
 CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...)
 	- libemf 1.0.12-1
 	[buster] - libemf <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -46,6 +46,8 @@ condor
   NOTE: 20200712: Requested input on path forward from debian-lts at l.d.o (roberto)
   NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
+curl
+--
 f2fs-tools
   NOTE: 20200815: About CVE-2020-6070. The fix got introduced between 1.12.0 and 1.13.0, but it is not trivial to
   NOTE: 20200815: to detect which of the patches correlates to the CVE. Contacting upstream might be necessary. (sunweaver)
@@ -101,6 +103,10 @@ opendmarc
 --
 openjpeg2 (Thorsten Alteholz)
 --
+openssl
+--
+openssl1.0
+--
 pacemaker (Markus Koschany)
   NOTE: 20201117: See #974563 for further information.
   NOTE: 20201130: I will ask the other bug reporters for feedback and testing



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/12b9bbb0487028393a57cc631b4a246d3f12f9c7...e9a5f97c03c1dc22f74f696ad2d2264338fcf495

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/12b9bbb0487028393a57cc631b4a246d3f12f9c7...e9a5f97c03c1dc22f74f696ad2d2264338fcf495
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201209/5399c6fa/attachment-0001.html>
