[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2019-1010259 as not-affected for Stretch

Tue Jul 21 14:41:10 BST 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a547dc6 by Thorsten Alteholz at 2020-07-21T14:36:13+02:00
mark CVE-2019-1010259 as not-affected for Stretch

- - - - -
4c94cd04 by Thorsten Alteholz at 2020-07-21T15:29:01+02:00
mark CVE-2020-14315 as no-dsa for Stretch

- - - - -
ebb9b5d7 by Thorsten Alteholz at 2020-07-21T15:34:16+02:00
mark CVE-2020-10683 as no-dsa for Stretch

- - - - -
ed64db8c by Thorsten Alteholz at 2020-07-21T15:36:01+02:00
though no patch yet, mark CVE-2019-14560 as no-dsa for Stretch

- - - - -
4e768885 by Thorsten Alteholz at 2020-07-21T15:40:22+02:00
mark temp CVE for mpv as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,6 +21,7 @@ CVE-2020-15853
 CVE-2020-XXXX [mpv insecure lua loadpath]
 	- mpv 0.32.0-2 (bug #950816)
 	[buster] - mpv <no-dsa> (Minor issue)
+	[stretch] - mpv <no-dsa> (Minor issue)
 	NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
 CVE-2020-15851
 	RESERVED
@@ -3757,6 +3758,7 @@ CVE-2020-14315
 	RESERVED
 	- bsdiff <unfixed> (bug #964796)
 	[buster] - bsdiff <no-dsa> (Minor issue)
+	[stretch] - bsdiff <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
 CVE-2020-14314 [buffer uses out of index in ext3/4 filesystem]
@@ -14500,6 +14502,7 @@ CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities by
 	{DLA-2191-1}
 	- dom4j <unfixed> (bug #958055)
 	[buster] - dom4j <no-dsa> (Minor issue)
+	[stretch] - dom4j <no-dsa> (Minor issue)
 	NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?)
 	NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?)
 CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
@@ -55144,6 +55147,7 @@ CVE-2019-14560
 	RESERVED
 	- edk2 <unfixed>
 	[buster] - edk2 <no-dsa> (Minor issue)
+	[stretch] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
 CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
 	RESERVED
@@ -70098,6 +70102,7 @@ CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can resul
 	NOT-FOR-US: ktlint
 CVE-2019-1010259 (SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impac ...)
 	- salt 2018.3.4~git20180207+dfsg1-1
+	[stretch] - salt <not-affected> (vulnerable MySQL queries are not present)
 	[jessie] - salt <not-affected> (vulnerable MySQL queries are not present)
 	NOTE: https://github.com/saltstack/salt/pull/51462
 CVE-2019-1010258 (nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf4 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/724f0e7ee38c3fac0765fff68fb938ad63f368de...4e76888557941044ebb903129a070f989c5c8a2a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/724f0e7ee38c3fac0765fff68fb938ad63f368de...4e76888557941044ebb903129a070f989c5c8a2a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200721/c48c6678/attachment-0001.html>
