[Git][security-tracker-team/security-tracker][master] 3 commits: Mark nethack as eol.
Ola Lundqvist
opal at debian.org
Wed Jan 29 19:35:05 GMT 2020
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6f229ce5 by Ola Lundqvist at 2020-01-29T20:34:48+01:00
Mark nethack as eol.
- - - - -
3b31bf2e by Ola Lundqvist at 2020-01-29T20:34:49+01:00
CVE-2019-20433 marked as ignored for jessie following decision for stretch.
- - - - -
9d4c217d by Ola Lundqvist at 2020-01-29T20:34:49+01:00
Added inte-microcode to the list of packages that should be updated for jessie. Even though it is non-free it should be updated due to its severity.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -878,6 +878,7 @@ CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read f
- aspell 0.60.7-3 (bug #935128)
[buster] - aspell <no-dsa> (Minor issue)
[stretch] - aspell <no-dsa> (Minor issue)
+ [jessie] - aspell <ignored> (Minor issue)
NOTE: http://aspell.net/buffer-overread-ucs.txt
NOTE: Fixed by: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b
NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
@@ -6882,22 +6883,28 @@ CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from
TODO: check
CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
- nethack <unfixed>
+ [jessie] - nethack <end-of-life>
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
- nethack <unfixed>
+ [jessie] - nethack <end-of-life>
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
- nethack <unfixed>
+ [jessie] - nethack <end-of-life>
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the ...)
- nethack <unfixed>
+ [jessie] - nethack <end-of-life>
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7
CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
- nethack <unfixed>
+ [jessie] - nethack <end-of-life>
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can ...)
- nethack <unfixed>
+ [jessie] - nethack <end-of-life>
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
CVE-2020-5208
=====================================
data/dla-needed.txt
=====================================
@@ -31,6 +31,8 @@ ibus
NOTE: 20191210: See https://bugs.debian.org/941018
NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
--
+intel-microcode
+--
jackson-databind
NOTE: 20200105: Can be postponed again. (apo)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/12e8b83d64634eb00320a65c299d5e23917e2e73...9d4c217df87aba4c52d2c6ae1fdc559e0a9c6feb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/12e8b83d64634eb00320a65c299d5e23917e2e73...9d4c217df87aba4c52d2c6ae1fdc559e0a9c6feb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200129/23ca1de8/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list