[Git][security-tracker-team/security-tracker][master] 2 commits: slurm-llnl: add links to upstream fixes

Wed Mar 4 09:52:36 GMT 2020


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67c1d465 by Emilio Pozuelo Monfort at 2020-03-04T10:46:48+01:00
slurm-llnl: add links to upstream fixes

- - - - -
58800fe4 by Emilio Pozuelo Monfort at 2020-03-04T10:52:01+01:00
slurm-llnl no-dsa on jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16596,6 +16596,8 @@ CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes sr
 	- slurm-llnl 19.05.5-1
 	[buster] - slurm-llnl <no-dsa> (Minor issue)
 	[stretch] - slurm-llnl <no-dsa> (Minor issue)
+	[jessie] - slurm-llnl <no-dsa> (Minor issue)
+	NOTE: https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
 	NOTE: Fixed upstream in 18.08.9, 19.05.5
 CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
@@ -43954,6 +43956,8 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allo
 	{DSA-4572-1}
 	- slurm-llnl 19.05.3.2-1 (bug #931880)
 	[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
+	[jessie] - slurm-llnl <no-dsa> (Too intrusive to backport)
+	NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
 CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
 	NOT-FOR-US: Java API in Generalitat de Catalunya accesuniversitat.gencat.cat


=====================================
data/dla-needed.txt
=====================================
@@ -74,10 +74,6 @@ ruby-rack
 slirp (Utkarsh Gupta)
   NOTE: 20200223: WIP.
 --
-slurm-llnl
-  NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
-  NOTE: 20191218: Regression found. (abhijith)
---
 squid3 (Markus Koschany)
   NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
   NOTE: 20200116: Researched other distros to see if any had backported the fixes.  No luck.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bf45ebe0c5d8b15ce72331623afdea1283d51ee...58800fe455b43b8028b745ccd415886d706c230e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6bf45ebe0c5d8b15ce72331623afdea1283d51ee...58800fe455b43b8028b745ccd415886d706c230e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200304/de08ce70/attachment.html>
