[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2019-20446 as no-dsa for jessie

Tue Feb 18 12:45:41 GMT 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02cd42a5 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
mark CVE-2019-20446 as no-dsa for jessie

- - - - -
81262bd0 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
add phppgadmin

- - - - -
1e7046c7 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
mark CVE-2020-8518 as no-dsa in Jessie

- - - - -
dc3ea338 by Thorsten Alteholz at 2020-02-18T13:45:27+01:00
add systemd

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1178,6 +1178,7 @@ CVE-2020-8519
 	RESERVED
 CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
 	- php-horde-data <unfixed> (bug #951537)
+	[jessie] - php-horde-data <no-dsa> (Minor issue)
 	NOTE: https://lists.horde.org/archives/announce/2020/001285.html
 CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
 	- squid 4.10-1 (unimportant)
@@ -1194,6 +1195,7 @@ CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x thro
 	NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
 CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...)
 	- librsvg 2.46.4-1
+	[jessie] - librsvg <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
 	NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135
 CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...)


=====================================
data/dla-needed.txt
=====================================
@@ -56,6 +56,9 @@ openjdk-7 (Emilio)
 --
 php5 (Thorsten Alteholz)
 --
+phppgadmin
+  NOTE: 20200218: no fix yet; wide usage
+--
 python-pysaml2 (Abhijith PA)
   NOTE: 2020203: test fails already for the one in archive (abhijith)
 --
@@ -100,6 +103,9 @@ squid3 (Markus Koschany)
   NOTE: 20200120: or the absolute function is the issue but it is hard to tell without more
   NOTE: 20200120: details on the intention. (Ola)
 --
+systemd
+  NOTE: 20200218: systemd in Jessie is probably not affected by CVE-2020-1712 but recheck
+--
 tomcat8 (Abhijith PA)
  NOTE: 20200106: Almost done. Working on failing testcase.
  NOTE: 20200210: TestFormAuthenticator failing with CVE-2019-17563. backporting upstream tests (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/39d03a5493904ce4bdd81ab817e10d7aa4663975...dc3ea338f994cda8cf263206cf52c5172775dd89

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/39d03a5493904ce4bdd81ab817e10d7aa4663975...dc3ea338f994cda8cf263206cf52c5172775dd89
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200218/e003ba49/attachment.html>
