[Git][security-tracker-team/security-tracker][master] 3 commits: wireshark: Remove some notes

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67956a66 by Salvatore Bonaccorso at 2020-12-31T07:08:20+01:00
wireshark: Remove some notes

- - - - -
171ca735 by Salvatore Bonaccorso at 2020-12-31T07:08:51+01:00
Wrap note for wireshark

- - - - -
04d6aeff by Salvatore Bonaccorso at 2020-12-31T07:11:05+01:00
Track fixed version via unstable for CVE-2020-27218/jetty9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15164,7 +15164,7 @@ CVE-2020-27220
 CVE-2020-27219
 	RESERVED
 CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0  ...)
-	- jetty9 <unfixed> (bug #976211)
+	- jetty9 9.4.35-1 (bug #976211)
 	[stretch] - jetty9 <no-dsa> (Minor issue)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
@@ -17005,7 +17005,6 @@ CVE-2020-26421 (Crash in USB HID protocol dissector and possibly other dissector
 	- wireshark 3.4.1-1
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
 	[stretch] - wireshark <postponed> (Minor issue, can be fixed in next DLA by backporting patch)
-	NOTE: 2.6 track is also vulnerable (at least the patch looks like it can apply) even if only 3.4 track is mentioned.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/d5f2657825e63e4126ebd7d13a59f3c6e8a9e4e1
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16958
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-17.html
@@ -17020,7 +17019,8 @@ CVE-2020-26419 (Memory leak in the dissection engine in Wireshark 3.4.0 allows d
 	- wireshark 3.4.1-1
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
 	[stretch] - wireshark <postponed> (Minor issue, not even clear whether the vulnerability is there)
-	NOTE: The case that is corrected does not exist in 2.6.8. Maybe the vulnerability can be caused by something else. Not checked. (ola)
+	NOTE: The case that is corrected does not exist in 2.6.8. Maybe the vulnerability can be
+	NOTE: caused by something else.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/a9fc769d7bb4b491efb61c699d57c9f35269d871
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17032
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-19.html
@@ -17028,9 +17028,6 @@ CVE-2020-26418 (Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3
 	- wireshark 3.4.1-1
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
 	[stretch] - wireshark <postponed> (Minor issue, fixing this requires a lot of other fixes)
-	NOTE: The 2.6.8 version is lacking a lot of checks so just backporting this patch is not
-	NOTE: enough to fix the known problems with the kafka dissector. Consider ignoring or backporting
-	NOTE: a much later version.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/f4374967bbf9c12746b8ec3cd54dddada9dd353e
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16739
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-16.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9e5f9486772c8b1cf28d2163773efbf637e9dcc...04d6aeff85c6ef4671d9d4406e509b73d0a3081e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9e5f9486772c8b1cf28d2163773efbf637e9dcc...04d6aeff85c6ef4671d9d4406e509b73d0a3081e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201231/7bc970fb/attachment.html>