[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Tue Jul 14 17:09:34 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5565e7e by Moritz Muehlenhoff at 2020-07-14T18:08:51+02:00
buster triage
mark one wp issue as undetermined, no actionable information except some second hand media reports

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12765,6 +12765,7 @@ CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.
 	NOT-FOR-US: Actions Http-Client
 CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
 	- ruby-faye <unfixed> (bug #959392)
+	[buster] - ruby-faye <no-dsa> (Minor issue)
 	NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
 	NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
 CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
@@ -13834,6 +13835,7 @@ CVE-2020-10731
 	RESERVED
 CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found  ...)
 	- ldb 2:2.1.4-1
+	[buster] - ldb <no-dsa> (Minor issue)
 	- samba 2:4.12.5+dfsg-1
 	[buster] - samba <postponed> (Minor issue, fix along in next DSA)
 	[stretch] - ldb <not-affected> (Vulnerable code introduced later)
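Review bot: in the CVE-2020-10730 entry, the added `[buster] - ldb <no-dsa> (Minor issue)` line sits next to `[buster] - samba <postponed> (Minor issue, fix along in next DSA)`, so the same CVE ends up with two different buster states. If ldb is expected to be fixed together with samba in that next DSA, `<postponed>` with the same wording would keep it on the radar; if ldb really will not be updated, a short reason more specific than "Minor issue" would explain why it is treated differently from samba.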
@@ -105388,8 +105390,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
 	NOT-FOR-US: zephyr-rtos
 CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
-	- wordpress <unfixed>
-	[jessie] - wordpress <postponed> (cf. CVE-2017-1000600)
+	- wordpress <undetermined>
 	NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600.
 CVE-2018-1000673
 	REJECTED
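Review bot: in the CVE-2018-1000773 entry, the reason for moving wordpress to `<undetermined>` exists only in the commit message ("no actionable information except some second hand media reports") and not in data/CVE/list. Adding a NOTE line under the existing `NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600.` that records this would let the next person triaging the entry see why it is undetermined without searching the history. The hunk also drops the `[jessie] - wordpress <postponed>` line, which the commit message, titled "buster triage", does not mention; a word on that in the message would help.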


=====================================
data/dsa-needed.txt
=====================================
@@ -41,6 +41,8 @@ squid (jmm)
 --
 teeworlds (jmm)
 --
+tomcat9
+--
 xcftools
   Hugo proposed to work on this update
 --
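Review bot: the new `tomcat9` entry in data/dsa-needed.txt has no claimant and no note, and the commit message does not mention it at all. An indented line under `tomcat9` naming the issue that prompted the entry, in the style of the `Hugo proposed to work on this update` note under xcftools, would tell whoever picks it up what needs fixing.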



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5565e7ef2599faa3e60703e8e0263c2872f285c
