[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2020-14939 and CVE-2020-14938 of freedroidrpg as end-of-life (games are not supported)
Thorsten Alteholz
alteholz at debian.org
Thu Jun 25 14:40:27 BST 2020
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3cbba56f by Thorsten Alteholz at 2020-06-25T15:40:08+02:00
mark CVE-2020-14939 and CVE-2020-14938 of freedroidrpg as end-of-life (games are not supported)
- - - - -
85062c43 by Thorsten Alteholz at 2020-06-25T15:40:08+02:00
add squirrelmail
- - - - -
8d71be5b by Thorsten Alteholz at 2020-06-25T15:40:09+02:00
mark CVE-2020-14983 of chocolate-doom as end-of-life (games are not supported)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -139,6 +139,7 @@ CVE-2020-14984
CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...)
- crispy-doom <unfixed>
- chocolate-doom <unfixed>
+ [jessie] - chocolate-doom <end-of-life> (games are not supported)
NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
CVE-2020-14982
RESERVED
@@ -233,12 +234,14 @@ CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG
- freedroidrpg <unfixed> (low)
[buster] - freedroidrpg <no-dsa> (Minor issue)
[stretch] - freedroidrpg <no-dsa> (Minor issue)
+ [jessie] - freedroidrpg <end-of-life> (games are not supported)
NOTE: https://bugs.freedroid.org/b/issue953
NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
- freedroidrpg <unfixed> (low)
[buster] - freedroidrpg <no-dsa> (Minor issue)
[stretch] - freedroidrpg <no-dsa> (Minor issue)
+ [jessie] - freedroidrpg <end-of-life> (games are not supported)
NOTE: https://bugs.freedroid.org/b/issue952
NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14937
=====================================
data/dla-needed.txt
=====================================
@@ -135,6 +135,9 @@ squid3 (Markus Koschany)
NOTE: 20200622: https://people.debian.org/~apo/lts/squid3/
NOTE: 20200622: Patch for CVE-2019-12523 almost complete.
--
+squirrelmail
+ NOTE: 20200625: according to the oss-security email there are other issues to be fixed as well, probably not worth fixing if not needed in ELTS
+--
sympa
NOTE: 20200525: Incomplete patch. Not the complete patch is made public. (utkarsh)
NOTE: 20200525: But that is weird, given their announcement. (utkarsh)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/56bf3153e793a46b2e794dc3909721538f4099a7...8d71be5b47ec53e586cc6fea2b891b506b1097b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/56bf3153e793a46b2e794dc3909721538f4099a7...8d71be5b47ec53e586cc6fea2b891b506b1097b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200625/1aaf06b4/attachment.html>
More information about the debian-security-tracker-commits
mailing list