[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2020-16093/lemonldap as no-dsa for stretch

Utkarsh Gupta utkarsh at debian.org
Sun Dec 20 17:59:22 GMT 2020 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
759da913 by Utkarsh Gupta at 2020-12-20T23:27:51+05:30
Mark CVE-2020-16093/lemonldap as no-dsa for stretch

- - - - -
592c0fe2 by Utkarsh Gupta at 2020-12-20T23:28:11+05:30
Drop lemonldap-ng from dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -37335,6 +37335,7 @@ CVE-2020-16093
 	RESERVED
 	- lemonldap-ng 2.0.9+ds-1
 	[buster] - lemonldap-ng <no-dsa> (Minor issue)
+	[stretch] - lemonldap-ng <no-dsa> (Minor issue + 2.x is a complete re-write, so very hard to backport!)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
 	{DSA-4760-1 DLA-2373-1}


=====================================
data/dla-needed.txt
=====================================
@@ -78,11 +78,6 @@ intel-microcode
   NOTE: 20201122: Utkarsh will upload once its confirmed that there is no regression
   NOTE: 20201122: and is actively tracking it. (utkarsh)
 --
-lemonldap-ng (Utkarsh)
-  NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could defer. (lamby)
-  NOTE: 20201122: still waiting to hear from upstream. (utkarsh)
-  NOTE: 20201207: wip, will process the upload soon™. (utkarsh)
---
 libhibernate3-java
   NOTE: 20201115: No patch yet; unsure if version in LTS is vulnerable. (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ed458df2bcc47656cf0976486c7d5bf8fdb1763...592c0fe2d552484eca9665600108775f7c159264

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1ed458df2bcc47656cf0976486c7d5bf8fdb1763...592c0fe2d552484eca9665600108775f7c159264
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201220/2b0ba950/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list