[Git][security-tracker-team/security-tracker][master] 4 commits: correct typo

Sun Jun 28 13:06:10 BST 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2220faec by Thorsten Alteholz at 2020-06-28T13:38:17+02:00
correct typo

- - - - -
c8ed3f3b by Thorsten Alteholz at 2020-06-28T13:46:27+02:00
add net-snmp

- - - - -
3dd5a53e by Thorsten Alteholz at 2020-06-28T14:05:02+02:00
CVE-2017-10790 is fixed

- - - - -
d6bbbdfd by Thorsten Alteholz at 2020-06-28T14:05:57+02:00
Reserve DLA-2255-1 for libtasn1-6

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -24313,7 +24313,7 @@ CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnera
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-304xx <unfixed>
 	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
-	[jessie] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
 CVE-2020-5966 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
@@ -170149,7 +170149,6 @@ CVE-2017-10791 (There is an Integer overflow in the hash_int function of the lib
 CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 cause ...)
 	{DSA-4106-1 DLA-1038-1}
 	- libtasn1-6 4.12-2.1 (bug #867398)
-	[jessie] - libtasn1-6 <no-dsa> (Minor issue)
 	- libtasn1-3 <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
 	NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jun 2020] DLA-2255-1 libtasn1-6 - security update
+	{CVE-2017-10790}
+	[jessie] - libtasn1-6 4.2-3+deb8u4
 [25 Jun 2020] DLA-2254-1 alpine - security update
 	{CVE-2020-14929}
 	[jessie] - alpine 2.11+dfsg1-3+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -90,6 +90,9 @@ mumble
 --
 mutt (Mike Gabriel)
 --
+net-snmp
+  NOTE: 20200628: be aware of the ABI break introduced by the patches! (thorsten)
+--
 nginx
   NOTE: 20200505: Patch for CVE-2020-11724 appears to be fairly invasive and, alas, no tests. (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3d0564a5cf902c3b07abdb9acd5eff65af1d803e...d6bbbdfd223f36356b7e5c16dcba38287dd69a0e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3d0564a5cf902c3b07abdb9acd5eff65af1d803e...d6bbbdfd223f36356b7e5c16dcba38287dd69a0e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200628/5ef55433/attachment.html>
