[Git][security-tracker-team/security-tracker][master] Reserve DLA-2301-1 for json-c

[Emilio Pozuelo Monfort]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6e85400 by Emilio Pozuelo Monfort at 2020-07-30T16:35:13+02:00
Reserve DLA-2301-1 for json-c

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jul 2020] DLA-2301-1 json-c - security update
+	{CVE-2020-12762}
+	[stretch] - json-c 0.12.1-1.1+deb9u1
 [30 Jul 2020] DLA-2300-1 kdepim-runtime - security update
 	{CVE-2020-15954}
 	[stretch] - kdepim-runtime 4:16.04.2-2+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -67,11 +67,6 @@ imagemagick (Markus Koschany)
 jruby
   NOTE: 20200706: all open CVEs were fixed in jessie (Beuc)
 --
-json-c (Emilio)
-  NOTE: 20200709: Not all of the patches as part of CVE-2020-12762 do not apply
-  NOTE: 20200709: directly/cleanly to the version in stretch, but I suspect we
-  NOTE: 20200709: are still vulnerable. (lamby)
---
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6e854007b4bdb5ac438b5352a2a4cab52493ac7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6e854007b4bdb5ac438b5352a2a4cab52493ac7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200730/cba681c6/attachment.html>