[Git][security-tracker-team/security-tracker][master] 3 commits: no DLA for libarchive, all CVEs are no-dsa

Thorsten Alteholz alteholz at debian.org
Sat Feb 29 15:47:36 GMT 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aad6f5b by Thorsten Alteholz at 2020-02-29T16:34:01+01:00
no DLA for libarchive, all CVEs are no-dsa

- - - - -
3cd50e16 by Thorsten Alteholz at 2020-02-29T16:47:00+01:00
upload postponed until today

- - - - -
61952181 by Thorsten Alteholz at 2020-02-29T16:47:25+01:00
Reserve DLA-2129-1 for firebird2.5

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -150734,7 +150734,6 @@ CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in F
 	- firebird3.0 3.0.3.32900.ds4-3
 	[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
 	- firebird2.5 <removed>
-	[jessie] - firebird2.5 <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: https://www.tenable.com/security/research/tra-2017-36
 	NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
 	NOTE: in "any current release".
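
Review bot: With the `[jessie] - firebird2.5 <no-dsa>` line removed, nothing left in the CVE-2017-11509 entry says what the jessie fix is based on. The remaining NOTE lines still only say that upstream does not intend to address the issue in "any current release", and stretch stays `<postponed>` as a minor issue. Consider adding a NOTE line that points to the patch or mitigation used for the jessie upload, so the change in triage is documented in the entry itself.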


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Feb 2020] DLA-2129-1 firebird2.5 - security update
+	{CVE-2017-11509}
+	[jessie] - firebird2.5 2.5.3.26778.ds4-5+deb8u2
 [29 Feb 2020] DLA-2128-1 openjdk-7 - security update
 	{CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659}
 	[jessie] - openjdk-7 7u251-2.6.21-1~deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -20,8 +20,6 @@ ansible (Mike Gabriel)
 --
 libapache2-mod-auth-openidc (Thorsten Alteholz)
 --
-libarchive (Thorsten Alteholz)
---
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at them.
   NOTE: triage work needed, help security team for fixes if needed.
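
Review bot: The removal of `libarchive (Thorsten Alteholz)` from dla-needed.txt rests on the commit message's statement that all CVEs are no-dsa, but the data/CVE/list changes in this compare contain no libarchive annotations. Please confirm that every open libarchive CVE already carries a `[jessie] - libarchive <no-dsa>` line with a reason, or add those lines in the same push so the removal can be traced in the tracker data.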



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f887dc7ed5f40bd29e6637cb191af51b2665810d...61952181ab42f0feefb90ee6529b4d9721a7b898



More information about the debian-security-tracker-commits mailing list