[Git][security-tracker-team/security-tracker][master] CVE-2020-14928/e-d-s will actually get a DSA/DLA

Emilio Pozuelo Monfort pochu at debian.org
Tue Jul 14 10:34:07 BST 2020 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41edc128 by Emilio Pozuelo Monfort at 2020-07-14T11:33:22+02:00
CVE-2020-14928/e-d-s will actually get a DSA/DLA

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1762,8 +1762,6 @@ CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connecti
 CVE-2020-14928
 	RESERVED
 	- evolution-data-server 3.36.4-1
-	[buster] - evolution-data-server <no-dsa> (Will be fixed via spu)
-	[stretch] - evolution-data-server <no-dsa> (Will be fixed via spu)
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
 	NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
 CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "We ...)


=====================================
data/dla-needed.txt
=====================================
@@ -46,6 +46,8 @@ condor (Roberto C. Sánchez)
 --
 curl (Thorsten Alteholz)
 --
+evolution-data-server (Emilio)
+--
 ffmpeg (Adrian Bunk)
   NOTE: 20200707: Vulnerable to at least CVE-2020-13904. (lamby)
   NOTE: 20200707: According to jmm, ffmpeg in stretch follows the 3.2.x releases


=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 curl (ghedo)
 --
+evolution-data-server (jmm)
+--
 libopenmpt
 --
 knot-resolver



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41edc128feaf49f2c595dc8c2fbf1eccdb1665f9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41edc128feaf49f2c595dc8c2fbf1eccdb1665f9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200714/d05dee0c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list