[Git][security-tracker-team/security-tracker][master] opensmtpd DSA

Moritz Muehlenhoff jmm at debian.org
Wed Feb 26 21:22:11 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7b685a9 by Moritz Muehlenhoff at 2020-02-26T22:21:54+01:00
opensmtpd DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1436,10 +1436,11 @@ CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an
 	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
 	NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1
 CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...)
-	- opensmtpd 6.6.4p1-1 (bug #952453)
+	- opensmtpd 6.6.4p1-1 (unimportant; bug #952453)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4
 	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
 	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
+	NOTE: Neutralised by kernel hardening
 CVE-2020-8792
 	RESERVED
 CVE-2020-8791
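Review bot: The added NOTE under CVE-2020-8793, "Neutralised by kernel hardening", is the only justification for downgrading the entry to "unimportant", but it does not say which hardening feature it relies on or whether that feature is enabled by default on the affected suites. Suggest naming the specific mechanism in the NOTE and adding a reference, so the classification can be re-checked later, for example on systems where the setting has been changed. The commit message "opensmtpd DSA" also does not mention this severity change, so it is easy to miss in the history.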


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[26 Feb 2020] DSA-4634-1 opensmtpd - security update
+	{CVE-2020-8794}
+	[stretch] - opensmtpd 6.0.2p1-2+deb9u3
+	[buster] - opensmtpd 6.0.3p1-5+deb10u4
 [24 Feb 2020] DSA-4633-1 curl - security update
 	{CVE-2019-5481 CVE-2019-5482}
 	[stretch] - curl 7.52.1-5+deb9u10
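Review bot: The CVE set on the new DSA-4634-1 entry is {CVE-2020-8794} only, while the data/CVE/list hunk in this same commit records CVE-2020-8793 as fixed in opensmtpd 6.6.4p1-1 and marks it unimportant. If the 6.0.2p1-2+deb9u3 and 6.0.3p1-5+deb10u4 uploads also carry the CVE-2020-8793 fix, it is worth recording that here or in a NOTE; if they do not, a short NOTE saying stretch and buster stay unpatched for it because of the unimportant rating would make the omission explicit.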


=====================================
data/dsa-needed.txt
=====================================
@@ -38,8 +38,6 @@ nodejs
 nss/oldstable (jmm)
   Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508
 --
-opensmtpd
---
 poppler (jmm)
 --
 proftpd-dfsg (carnil)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7b685a963231edb747bd790a9eae5a302f5dfed
