[Git][security-tracker-team/security-tracker][master] 7 commits: mark CVE-2020-14940 as no-dsa for Jessie

Thorsten Alteholz alteholz at debian.org
Wed Jun 24 13:10:55 BST 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cb5a9e1 by Thorsten Alteholz at 2020-06-24T13:45:52+02:00
mark CVE-2020-14940 as no-dsa for Jessie

- - - - -
be7eb6c1 by Thorsten Alteholz at 2020-06-24T13:52:11+02:00
add ruby-rack

- - - - -
56cbabce by Thorsten Alteholz at 2020-06-24T13:52:42+02:00
add curl

- - - - -
36d33a0d by Thorsten Alteholz at 2020-06-24T13:58:11+02:00
mark CVE-2020-14152 as no-dsa for Jessie

- - - - -
9453a33e by Thorsten Alteholz at 2020-06-24T14:06:00+02:00
mark CVE-2017-8761 as end-of-life for Jessie

- - - - -
1166dd9a by Thorsten Alteholz at 2020-06-24T14:07:00+02:00
add python-rtslib-fb

- - - - -
106d514b by Thorsten Alteholz at 2020-06-24T14:10:21+02:00
add drupal7

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -120,6 +120,7 @@ CVE-2020-14941
 	RESERVED
 CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar  ...)
 	- tuxguitar <unfixed>
+	[jessie] - tuxguitar <no-dsa> (Minor issue)
 	NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html
 	NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/
 CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
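Review bot: The reason on the added `[jessie] - tuxguitar <no-dsa> (Minor issue)` line does not say what makes the issue minor, and the entry is still `<unfixed>` with only two NOTE links for context. Consider a short rationale in the parentheses, or a NOTE, so whoever revisits the jessie status later does not have to re-read the linked write-up to reconstruct the triage decision.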
@@ -2070,6 +2071,7 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-boun
 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
 	- libjpeg9 1:9d-1 (low)
 	- libjpeg-turbo <unfixed> (low)
+	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
 	TODO: report to libjpeg-turbo upstream
 CVE-2020-14151 (In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cj ...)
 	NOTE: Duplicate of CVE-2018-11813, should be rejected
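Review bot: The added `[jessie] - libjpeg-turbo <no-dsa> (Minor issue)` line sits directly above an open `TODO: report to libjpeg-turbo upstream`, so the jessie decision is recorded before upstream has confirmed anything. A NOTE stating whether the jessie libjpeg-turbo source actually contains the affected `jpeg_mem_available()` in jmemnobs.c would make clear whether this is "affected but minor" or "possibly not affected at all".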
@@ -175522,6 +175524,7 @@ CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who sub
 CVE-2017-8761 [Swift tempurl middleware reveals signatures in the logfiles]
 	RESERVED
 	- swift <unfixed>
+	[jessie] - swift <end-of-life> (Not supported in Jessie LTS)
 	NOTE: https://bugs.launchpad.net/swift/+bug/1685798
 CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
 	NOT-FOR-US: Accellion FTA devices
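Review bot: The `<end-of-life>` reason "(Not supported in Jessie LTS)" on the added swift line asserts a support status that nothing in this hunk backs up. Please confirm swift is recorded as unsupported for jessie wherever that status is tracked, so this tag and that record agree. This matters here because the entry stays `<unfixed>`, and jessie users will rely on this line alone to learn that no fix is coming for the tempurl signature logging.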


=====================================
data/dla-needed.txt
=====================================
@@ -45,6 +45,10 @@ condor (Roberto C. Sánchez)
   NOTE: 20200525: Fix: https://github.com/htcondor/htcondor/compare/V8_8_7...V8_8_8 (utkarsh)
   NOTE: 20200531: Patches are linked from https://security-tracker.debian.org/tracker/CVE-2019-18823 (bunk)
 --
+curl (Thorsten Alteholz)
+--
+drupal7
+--
 freerdp
   NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby)
   NOTE: 20200531: Discussing if EOL'ing of freerdp (1.1) makes sense (sunweaver)
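Review bot: The new `curl (Thorsten Alteholz)` and `drupal7` entries carry no NOTE naming the CVE that put them on the list, unlike the neighbouring freerdp entry ("Vulnerable to at least CVE-2020-11042"). drupal7 is also unclaimed, so a dated NOTE with the triggering CVE would let whoever picks it up start without searching the tracker.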
@@ -111,12 +115,17 @@ pound
 python3.4 (Sylvain Beucler)
   NOTE: 20200623: waiting for CVE-2020-14422's patch to be approved upstream
 --
+python-rtslib-fb (Thorsten Alteholz)
+--
 qemu (Adrian Bunk)
   NOTE: 20200531: waiting for CVE-2020-13362 fix to be applied upstream (bunk)
   NOTE: 20200615: work is ongoing (bunk)
 --
 rails (Sylvain Beucler)
 --
+ruby-rack
+  NOTE: probably not affected (parse_cookies_header() is not available in Jessie, but code might hide somewhere else) (thorsten)
+--
 sqlite3 (Abhijith PA)
   NOTE: 20200620: WIP (abhijith)
 --
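Review bot: The NOTE added under `ruby-rack` has no date prefix, while every other NOTE in this hunk starts with one (`NOTE: 20200623: ...`, `NOTE: 20200531: ...`); please write it as `NOTE: 20200624: probably not affected ...`. It also does not name the CVE being assessed, and "code might hide somewhere else" leaves the check open. Naming the CVE and where the search for `parse_cookies_header()` has already been done would tell the next person what remains to verify. The `python-rtslib-fb` entry likewise has no NOTE with its triggering CVE.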



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/46ab4bba574f50275d7de24ef7b7b0b5f8ab8974...106d514bf90a6a16fb61a61ae40ccec3ae23417b
