[Git][security-tracker-team/security-tracker][master] 3 commits: Mark nethack as eol.

Ola Lundqvist opal at debian.org
Wed Jan 29 19:35:05 GMT 2020



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f229ce5 by Ola Lundqvist at 2020-01-29T20:34:48+01:00
Mark nethack as eol.

- - - - -
3b31bf2e by Ola Lundqvist at 2020-01-29T20:34:49+01:00
CVE-2019-20433 marked as ignored for jessie following decision for stretch.

- - - - -
9d4c217d by Ola Lundqvist at 2020-01-29T20:34:49+01:00
Added intel-microcode to the list of packages that should be updated for jessie. Even though it is non-free it should be updated due to its severity.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -878,6 +878,7 @@ CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read f
 	- aspell 0.60.7-3 (bug #935128)
 	[buster] - aspell <no-dsa> (Minor issue)
 	[stretch] - aspell <no-dsa> (Minor issue)
+	[jessie] - aspell <ignored> (Minor issue)
 	NOTE: http://aspell.net/buffer-overread-ucs.txt
 	NOTE: Fixed by: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b
 	NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
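Review bot: the added `[jessie] - aspell <ignored> (Minor issue)` line uses a different state from the `[stretch]` line directly above it, which is `<no-dsa>` with the same "(Minor issue)" reason, although the commit message says the jessie decision follows the one for stretch. Either use `<no-dsa>` to match stretch, or keep `<ignored>` and put the reason it will not be fixed in jessie in the parenthetical, so the two lines do not read as the same rationale leading to different outcomes.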
@@ -6882,22 +6883,28 @@ CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from
 	TODO: check
 CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
 	- nethack <unfixed>
+	[jessie] - nethack <end-of-life>
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
 CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
 	- nethack <unfixed>
+	[jessie] - nethack <end-of-life>
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
 CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
 	- nethack <unfixed>
+	[jessie] - nethack <end-of-life>
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
 CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the  ...)
 	- nethack <unfixed>
+	[jessie] - nethack <end-of-life>
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7
 CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
 	- nethack <unfixed>
+	[jessie] - nethack <end-of-life>
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
 	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
 CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can  ...)
 	- nethack <unfixed>
+	[jessie] - nethack <end-of-life>
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
 	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
 CVE-2020-5208
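Review bot: the six added `[jessie] - nethack <end-of-life>` lines cover CVE-2020-5214 through CVE-2020-5209, but the hunk stops at CVE-2020-5208, whose package lines are not shown here. If that entry is also for nethack it needs the same line, so that the jessie status is consistent across the whole set. The commit subject "Mark nethack as eol." could also name the release, since the `- nethack <unfixed>` lines are left unchanged and only jessie is affected.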


=====================================
data/dla-needed.txt
=====================================
@@ -31,6 +31,8 @@ ibus
   NOTE: 20191210: See https://bugs.debian.org/941018
   NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
 --
+intel-microcode
+--
 jackson-databind
   NOTE: 20200105: Can be postponed again. (apo)
 --
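Review bot: the new `intel-microcode` entry has no NOTE line, so the reason given in the commit message (non-free, but to be updated because of severity) is not recorded in data/dla-needed.txt itself. The neighbouring entries carry dated notes such as `NOTE: 20200105: Can be postponed again. (apo)`; a note in the same form stating the reason and the issue it relates to would help whoever picks the package up.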



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/12e8b83d64634eb00320a65c299d5e23917e2e73...9d4c217df87aba4c52d2c6ae1fdc559e0a9c6feb
