[Git][security-tracker-team/security-tracker][master] 2 commits: Claim tomcat8 in dla-needed.txt

Markus Koschany apo at debian.org
Wed Jul 1 08:04:06 BST 2020



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20e5d55a by Markus Koschany at 2020-07-01T09:01:07+02:00
Claim tomcat8 in dla-needed.txt

- - - - -
731417d2 by Markus Koschany at 2020-07-01T09:03:16+02:00
Remove no-dsa tags for squid3.

Will be fixed with the upcoming security release 3.5.23-5+deb9u2

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -98314,7 +98314,6 @@ CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of servi
 	{DLA-1596-1}
 	- squid 4.4-1 (low; bug #912294)
 	- squid3 <removed> (low)
-	[stretch] - squid3 <postponed> (Can be fixed along in a future DSA)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
 	NOTE: 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
 	NOTE: 4.x: http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch
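Review bot: the line removed under CVE-2018-19132 is a "[stretch] - squid3 <postponed>" entry, not a <no-dsa> tag, so the commit subject "Remove no-dsa tags for squid3." does not describe this hunk. The message also names 3.5.23-5+deb9u2 as the fixing release, but no "[stretch] - squid3 3.5.23-5+deb9u2" line replaces the removed one, which leaves "- squid3 <removed> (low)" as the only squid3 status under this CVE. Suggest rewording the subject to cover the postponed tag and adding the fixed-version line for stretch once the upload is out.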
@@ -220337,7 +220336,6 @@ CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform b
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
 CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.c ...)
 	- squid3 3.5.16-1 (bug #819783)
-	[jessie] - squid3 <no-dsa> (Minor issue)
 	[wheezy] - squid3 <no-dsa> (Minor issue)
 	- squid 4.1-1
 	[wheezy] - squid <no-dsa> (Minor issue)
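Review bot: the line removed under CVE-2016-3947 is tagged [jessie], while the commit message justifies the removals with the 3.5.23-5+deb9u2 upload, which is a deb9 version. The unchanged line above already records squid3 as fixed in 3.5.16-1, so a 3.5.23-based upload is not what changes the status of this entry. Suggest stating in the commit message why the jessie tag is dropped, or moving the [jessie] removals into their own commit with their own reason, since the [wheezy] "Minor issue" tags directly below are kept.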
@@ -224109,7 +224107,6 @@ CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds
 	NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...)
 	- squid3 3.5.15-1 (bug #816011)
-	[jessie] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
 	[wheezy] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
 	- squid <not-affected> (Vulnerable code not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
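Review bot: the [jessie] line removed under CVE-2016-2570 recorded a triage rationale ("needs substantial backporting; too intrusive to backport"), and the [wheezy] line with the same rationale stays in place right after it. Neither the hunk nor the commit message says what superseded that assessment for jessie. Suggest a dated NOTE under the CVE, or a sentence in the commit message, recording why the earlier decision no longer applies, so the history of the triage is not lost.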
@@ -224120,7 +224117,6 @@ CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 an
 	NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
 CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append  ...)
 	- squid3 3.5.15-1 (bug #816011)
-	[jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
 	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
 	- squid <not-affected> (Vulnerable code not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt


=====================================
data/dla-needed.txt
=====================================
@@ -122,7 +122,7 @@ sympa
   NOTE: 20200604: the non-public patch is being discussed internally. (utkarsh)
   NOTE: 20200604: shall process the upload once the confirmation is given. (utkarsh)
 --
-tomcat8
+tomcat8 (Markus Koschany)
 --
 tzdata
   NOTE: 20200514: LTS update must wait on oldstable update first (via point release) to prevent newer version in LTS (roberto)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9af3f9e9f5a7b360f9aba6cc5e153ce2de7ac878...731417d2034d30b664e1b4ff743d64717b0c3756
