[Git][security-tracker-team/security-tracker][master] Reserve DLA-2280-1 for python3.5

Wed Jul 15 10:25:19 BST 2020


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c23fafb by Sylvain Beucler at 2020-07-15T11:18:53+02:00
Reserve DLA-2280-1 for python3.5

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3216,7 +3216,6 @@ CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes has
 	- python3.7 <removed>
 	[buster] - python3.7 <no-dsa> (Minor issue)
 	- python3.5 <removed>
-	[stretch] - python3.5 <no-dsa> (Minor issue)
 	- python3.4 <removed>
 	[jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
 	NOTE: https://bugs.python.org/issue41004
@@ -19380,7 +19379,6 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
 	- python3.7 <removed>
 	[buster] - python3.7 <no-dsa> (Minor issue)
 	- python3.5 <removed>
-	[stretch] - python3.5 <no-dsa> (Minor issue)
 	- python3.4 <removed>
 	[jessie] - python3.4 <postponed> (Minor issue)
 	- python2.7 <unfixed>
@@ -83319,7 +83317,6 @@ CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509
 	- python3.7 3.7.2-2 (bug #921064)
 	- python3.6 <removed> (bug #921063)
 	- python3.5 <removed>
-	[stretch] - python3.5 <postponed> (Minor issue, can be fixed along in a future DSA)
 	- python3.4 <removed>
 	- python2.7 2.7.15-6 (bug #921040)
 	[stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Jul 2020] DLA-2280-1 python3.5 - security update
+	{CVE-2018-20406 CVE-2018-20852 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 CVE-2019-10160 CVE-2019-16056 CVE-2019-16935 CVE-2019-18348 CVE-2020-8492 CVE-2020-14422}
+	[stretch] - python3.5 3.5.3-1+deb9u2
 [12 Jul 2020] DLA-2279-1 tomcat8 - security update
 	{CVE-2020-9484 CVE-2020-11996}
 	[stretch] - tomcat8 8.5.54-0+deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -129,10 +129,6 @@ poppler (Emilio)
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
-python3.5 (Sylvain Beucler)
-  NOTE: 20200709: update is ready, only (lotsa) non-critical CVEs so uploading after point release unless it's delayed too much (Beuc)
-  NOTE: 20200709: https://www.beuc.net/tmp/debian-lts/python3.5/
---
 qemu
   NOTE: might be fixed by -pu. Visit later (utkarsh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c23fafbc81985c56911cd37bbf2b0722fae861e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c23fafbc81985c56911cd37bbf2b0722fae861e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200715/ee3b3f39/attachment-0001.html>
