[Git][security-tracker-team/security-tracker][master] opensmtpd DSA
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 26 21:22:11 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7b685a9 by Moritz Muehlenhoff at 2020-02-26T22:21:54+01:00
opensmtpd DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1436,10 +1436,11 @@ CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an
NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1
CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...)
- - opensmtpd 6.6.4p1-1 (bug #952453)
+ - opensmtpd 6.6.4p1-1 (unimportant; bug #952453)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4
NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
+ NOTE: Neutralised by kernel hardening
CVE-2020-8792
RESERVED
CVE-2020-8791
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[26 Feb 2020] DSA-4634-1 opensmtpd - security update
+ {CVE-2020-8794}
+ [stretch] - opensmtpd 6.0.2p1-2+deb9u3
+ [buster] - opensmtpd 6.0.3p1-5+deb10u4
[24 Feb 2020] DSA-4633-1 curl - security update
{CVE-2019-5481 CVE-2019-5482}
[stretch] - curl 7.52.1-5+deb9u10
=====================================
data/dsa-needed.txt
=====================================
@@ -38,8 +38,6 @@ nodejs
nss/oldstable (jmm)
Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508
--
-opensmtpd
---
poppler (jmm)
--
proftpd-dfsg (carnil)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7b685a963231edb747bd790a9eae5a302f5dfed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7b685a963231edb747bd790a9eae5a302f5dfed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200226/f0078dd6/attachment.html>
More information about the debian-security-tracker-commits
mailing list