[Git][security-tracker-team/security-tracker][master] 2 commits: LTS/annotate CVE-2020-1712/systemd as not affecting jessie

Roberto C. Sánchez roberto at debian.org
Tue Feb 18 22:57:27 GMT 2020 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
063e82ef by Roberto C. Sánchez at 2020-02-18T17:56:22-05:00
LTS/annotate CVE-2020-1712/systemd as not affecting jessie

- - - - -
c9da3e61 by Roberto C. Sánchez at 2020-02-18T17:57:14-05:00
LTS/remove systemd from dla-needed.txt, no open vulnerabilities

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18669,6 +18669,7 @@ CVE-2020-1713
 CVE-2020-1712 [heap use-after-free vulnerability]
 	RESERVED
 	- systemd 244.2-1 (bug #950732)
+	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
 	NOTE: https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation)
 	NOTE: https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation)


=====================================
data/dla-needed.txt
=====================================
@@ -103,9 +103,6 @@ squid3 (Markus Koschany)
   NOTE: 20200120: or the absolute function is the issue but it is hard to tell without more
   NOTE: 20200120: details on the intention. (Ola)
 --
-systemd (Roberto C. Sánchez)
-  NOTE: 20200218: systemd in Jessie is probably not affected by CVE-2020-1712 but recheck
---
 tomcat8 (Abhijith PA)
  NOTE: 20200106: Almost done. Working on failing testcase.
  NOTE: 20200210: TestFormAuthenticator failing with CVE-2019-17563. backporting upstream tests (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ad55da9891799aef8fe2383aa543c1664c9ffd48...c9da3e6199b4047617fc8cc7edc8123b1154030c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ad55da9891799aef8fe2383aa543c1664c9ffd48...c9da3e6199b4047617fc8cc7edc8123b1154030c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200218/965b1e8d/attachment.html>

More information about the debian-security-tracker-commits mailing list