[Git][security-tracker-team/security-tracker][master] opensmtpd DSA

Wed Jan 29 19:17:34 GMT 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12e8b83d by Moritz Muehlenhoff at 2020-01-29T11:16:59-08:00
opensmtpd DSA
one disputed systemd issue resolved

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16493,6 +16493,7 @@ CVE-2020-1717
 	RESERVED
 CVE-2020-1716
 	RESERVED
+	NOT-FOR-US: ceph-ansible
 CVE-2020-1715
 	RESERVED
 CVE-2020-1714
@@ -20655,10 +20656,10 @@ CVE-2019-18627
 CVE-2019-18626
 	RESERVED
 CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed  ...)
-	- systemd <unfixed>
-	[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
-	[stretch] - systemd <not-affected> (Vulnerable code introduced later)
-	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
+	- systemd 244-1 (low)
+	[buster] - systemd <not-affected> (Only affected v243)
+	[stretch] - systemd <not-affected> (Only affected v243)
+	[jessie] - systemd <not-affected> (Only affected v243)
 	NOTE: https://github.com/systemd/systemd/issues/9397
 CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to bypass/e ...)
 	- suricata <unfixed>


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[29 Jan 2020] DSA-4611-1 opensmtpd - security update
+	{CVE-2020-7247}
+	[stretch] - opensmtpd 6.0.2p1-2+deb9u1
+	[buster] - opensmtpd 6.0.3p1-5+deb10u3
 [29 Jan 2020] DSA-4610-1 webkit2gtk - security update
 	{CVE-2019-8835 CVE-2019-8844 CVE-2019-8846}
 	[buster] - webkit2gtk 2.26.3-1~deb10u1


=====================================
data/dsa-needed.txt
=====================================
@@ -42,9 +42,6 @@ nss/oldstable (jmm)
 --
 openjdk-8 (jmm)
 --
-opensmtpd
-  Maintainer working on updates
---
 php7.0
 --
 php7.3



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12e8b83d64634eb00320a65c299d5e23917e2e73

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12e8b83d64634eb00320a65c299d5e23917e2e73
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200129/10355e02/attachment.html>
