[Git][security-tracker-team/security-tracker][master] Concluded that CVE-2020-14150 in bison is not worth fixing in jessie.
Ola Lundqvist
opal at debian.org
Fri Jun 26 22:50:55 BST 2020
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d681a4d by Ola Lundqvist at 2020-06-26T23:49:21+02:00
Concluded that CVE-2020-14150 in bison is not worth fixing in jessie.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2838,6 +2838,7 @@ CVE-2020-14151
REJECTED
CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
- bison 2:3.6.1+dfsg-1 (unimportant)
+ [jessie] - bison <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
NOTE: Crash in CLI tool, no security impact
CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...)
=====================================
data/dla-needed.txt
=====================================
@@ -30,9 +30,6 @@ apache2
--
batik (Emilio)
--
-bison
- NOTE: 20200619: Patch not explicitly mentioned. Needs deeper research.
---
cacti (Abhijith PA)
NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith)
NOTE: 20200620: WIP (abhijith)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d681a4dcf9673cef717387ceac23441c924fc1a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d681a4dcf9673cef717387ceac23441c924fc1a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200626/60ac63f4/attachment.html>
More information about the debian-security-tracker-commits
mailing list