[Git][security-tracker-team/security-tracker][master] dla: update status (nginx, python3.5, rails)

Sylvain Beucler beuc at debian.org
Mon Jul 13 15:52:13 BST 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a9a0759 by Sylvain Beucler at 2020-07-13T16:51:52+02:00
dla: update status (nginx, python3.5, rails)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -109,8 +109,9 @@ mupdf
   NOTE: 20200708: Vulnerable to at least CVE-2019-13290. (lamby)
 --
 nginx (Sylvain Beucler)
-  NOTE: 20200505: Patch for CVE-2020-11724 appears to be fairly invasive and, alas, no tests. (lamby)
-  NOTE: 20200708: #948650 is a stretch point release update for CVE-2019-20372 (bunk)
+  NOTE: 20200713: update is ready, will publish after point release unless it's delayed too much (Beuc)
+  NOTE: 20200713: https://www.beuc.net/tmp/debian-lts/nginx/
+  NOTE: 20200713: this deb9u5 includes/supersedes stretch-pu deb9u4
 --
 nss (Adrian Bunk)
   NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
@@ -127,7 +128,7 @@ puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
 python3.5 (Sylvain Beucler)
-  NOTE: 20200709: update is ready, only (lotsa) non-critical CVEs so uploading after point release (Beuc)
+  NOTE: 20200709: update is ready, only (lotsa) non-critical CVEs so uploading after point release unless it's delayed too much (Beuc)
   NOTE: 20200709: https://www.beuc.net/tmp/debian-lts/python3.5/
 --
 qemu
@@ -138,6 +139,7 @@ rails (Sylvain Beucler)
   NOTE: 20200706: https://lists.debian.org/debian-lts/2020/07/msg00065.html
   NOTE: 20200709: https://www.beuc.net/tmp/debian-lts/rails/
   NOTE: 20200709: this deb9u3 includes/supersedes stretch-pu deb9u2
+  NOTE: 20200713: secteam was planning to work on buster side past week-end
 --
 ruby-zip
   NOTE: 20200710: Vulnerable to at least CVE-2018-1000544. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9a075995457fc58b67296cce5e70edff3feb7a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9a075995457fc58b67296cce5e70edff3feb7a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200713/414fe01b/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list