[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2020-14019 as not-affected for Jessie

Thorsten Alteholz alteholz at debian.org
Sun Jun 28 11:03:12 BST 2020 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3539f09d by Thorsten Alteholz at 2020-06-28T11:57:09+02:00
mark CVE-2020-14019 as not-affected for Jessie

- - - - -
c4325087 by Thorsten Alteholz at 2020-06-28T11:57:37+02:00
no upload needed

- - - - -
d1277bd5 by Thorsten Alteholz at 2020-06-28T11:59:31+02:00
mark CVE-2020-14002 as no-dsa for Jessie

- - - - -
e5286205 by Thorsten Alteholz at 2020-06-28T12:02:06+02:00
mark CVE-2020-5967 as no-dsa for Jessie

- - - - -
3c20fcb4 by Thorsten Alteholz at 2020-06-28T12:02:41+02:00
mark CVE-2020-5963 as no-dsa for Jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3218,6 +3218,7 @@ CVE-2020-14020
 	RESERVED
 CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
 	- python-rtslib-fb <unfixed>
+	[jessie] - python-rtslib-fb <not-affected> (vulnerable code introduced later, shutil.copyfile is not used)
 	NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162
 CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...)
 	NOT-FOR-US: Navigate CMS
@@ -3260,6 +3261,7 @@ CVE-2020-14002 [Dynamic host key policy leaks information about known host keys]
 	- putty 0.74-1
 	[buster] - putty <no-dsa> (Minor issue)
 	[stretch] - putty <no-dsa> (Minor issue)
+	[jessie] - putty <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74)
 CVE-2020-14001
 	RESERVED
@@ -24305,6 +24307,7 @@ CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnera
 	- nvidia-graphics-drivers <unfixed> (bug #963766)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed>
 	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed>
@@ -24312,6 +24315,7 @@ CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnera
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-304xx <unfixed>
 	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+	[jessie] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
 CVE-2020-5966 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
@@ -24323,6 +24327,7 @@ CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
 	- nvidia-graphics-drivers <unfixed> (bug #963766)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed>
 	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed>
@@ -24330,6 +24335,7 @@ CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-304xx <unfixed>
 	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
 CVE-2020-5962 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver


=====================================
data/dla-needed.txt
=====================================
@@ -108,8 +108,6 @@ php5 (Thorsten Alteholz)
 python3.4 (Sylvain Beucler)
   NOTE: 20200623: waiting for CVE-2020-14422's patch to be approved upstream
 --
-python-rtslib-fb (Thorsten Alteholz)
---
 qemu (Adrian Bunk)
   NOTE: 20200531: waiting for CVE-2020-13362 fix to be applied upstream (bunk)
   NOTE: 20200615: work is ongoing (bunk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2ebee5f4c4e2f2eccfd8b53040bab38a6ccf867e...3c20fcb4968dfebee6cfc926a0411c1832524c40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2ebee5f4c4e2f2eccfd8b53040bab38a6ccf867e...3c20fcb4968dfebee6cfc926a0411c1832524c40
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200628/1759ee11/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list