[Git][security-tracker-team/security-tracker][master] python3.4: tidy statuses

Sylvain Beucler beuc at debian.org
Tue Jun 23 16:34:18 BST 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c3fbdf8 by Sylvain Beucler at 2020-06-23T17:34:01+02:00
python3.4: tidy statuses

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17306,7 +17306,7 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
 	- python3.5 <removed>
 	[stretch] - python3.5 <no-dsa> (Minor issue)
 	- python3.4 <removed>
-	[jessie] - python3.4 <no-dsa> (Minor issue)
+	[jessie] - python3.4 <postponed> (Minor issue)
 	- python2.7 <unfixed>
 	[buster] - python2.7 <no-dsa> (Minor issue)
 	[stretch] - python2.7 <no-dsa> (Minor issue)
@@ -45120,7 +45120,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
 	- pypy <unfixed> (low)
 	[buster] - pypy <no-dsa> (Minor issue)
 	[stretch] - pypy <no-dsa> (Minor issue)
-	[jessie] - pypy <ignored> (Minor Issue, XSS in an unlikely use-case)
+	[jessie] - pypy <postponed> (Minor Issue, XSS in an unlikely use-case)
 	NOTE: https://bugs.python.org/issue38243
 	NOTE: https://github.com/python/cpython/pull/16373
 	NOTE: https://github.com/python/cpython/commit/e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa (master)
@@ -296794,7 +296794,7 @@ CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3
 	- python3.2 <removed> (low)
 	- python3.3 <removed> (low; bug #742928)
 	- python3.4 3.4.2-4 (low; bug #742927)
-	[jessie] - python3.4 <no-dsa> (Minor issue)
+	[jessie] - python3.4 <postponed> (Minor issue)
 	[squeeze] - python2.5 <no-dsa> (Minor issue)
 	[squeeze] - python2.6 <no-dsa> (Minor issue)
 	[wheezy] - python2.6 <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -109,6 +109,7 @@ pound
   NOTE: 20200619: No explicit patch mentioned. Needs deeper research.
 --
 python3.4 (Sylvain Beucler)
+  NOTE: 20200623: waiting for CVE-2020-14422's patch to be approved upstream
 --
 qemu (Adrian Bunk)
   NOTE: 20200531: waiting for CVE-2020-13362 fix to be applied upstream (bunk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c3fbdf81c5da1b54a8f56acc500a4dcaf11b63b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c3fbdf81c5da1b54a8f56acc500a4dcaf11b63b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200623/59491db0/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list