[Git][security-tracker-team/security-tracker][master] stable triage

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e3e6bb8 by Moritz Muehlenhoff at 2020-07-10T19:14:22+02:00
stable triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1208,7 +1208,8 @@ CVE-2020-15097
 CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
 	- electron <itp> (bug #842420)
 CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
-	- npm <unfixed> (bug #964746)
+	- npm <unfixed> (low; bug #964746)
+	[buster] - npm <no-dsa> (Minor issue)
 	NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
 	NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
 CVE-2020-15094
@@ -14599,9 +14600,12 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma
 	NOTE: Fixed in 6.2.3 and 7.1.0
 CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.1.0, an out-of-bou ...)
 	- pillow <unfixed>
+	[buster] - pillow <no-dsa> (Minor issue)
 	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
 	NOTE: Fixed in 6.2.3 and 7.1.0
+	NOTE: https://github.com/python-pillow/Pillow/commit/6b842f4ec001b12a9348e95854e02bbd10a84e20
+	NOTE: https://github.com/python-pillow/Pillow/commit/b8d4ce1a591beda18c2d5c80a9f5a5e4856f6beb
 CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
 	NOT-FOR-US: Mitel
 CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
@@ -15066,6 +15070,7 @@ CVE-2020-10178
 	REJECTED
 CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
 	- pillow <unfixed>
+	[buster] - pillow <ignored> (Minor issue)
 	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4503
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538


=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,8 @@ poppler (jmm)
 rails
   Sylvain Beucler proposed to help for the update, pending upstream feedback for CVE-2020-8163
 --
+ruby-sanitize
+--
 squid (jmm)
 --
 teeworlds (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e3e6bb87ced9a8e297148176266fb8fce0586d7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e3e6bb87ced9a8e297148176266fb8fce0586d7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200710/a2727ede/attachment.html>