[Git][security-tracker-team/security-tracker][master] 2 commits: Slightly reorganize notes

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77861d94 by Salvatore Bonaccorso at 2020-03-26T20:31:11+01:00
Slightly reorganize notes

- - - - -
c89756e7 by Salvatore Bonaccorso at 2020-03-26T21:21:53+01:00
Start tracking some new gitlab issues from 2020-03-26 release

Not all are actually clear, and some have not yet assigned CVEs and
indication for affected versions and releases. Need to look those later
up again.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20,14 +20,24 @@ CVE-2020-10957
 	RESERVED
 CVE-2020-10956
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10955
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10954
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10953
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10952
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10951
 	RESERVED
 CVE-2020-10950
@@ -2747,6 +2757,9 @@ CVE-2020-9796
 	RESERVED
 CVE-2020-9795
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
+	TODO: check if this is actually an issue in Nokogiri
 CVE-2020-9794
 	RESERVED
 CVE-2020-9793
@@ -110249,10 +110262,11 @@ CVE-2018-9272 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/
 	- wireshark 2.4.6-1 (low)
 	[jessie] - wireshark <no-dsa> (Minor issue)
 	[wheezy] - wireshark <no-dsa> (Minor issue)
-	NOTE: applying patch in jessie/wheezy requires introduction of a new memory management system (wmem)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14487
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6e3b90824a82724f445a0374e99f0b76e4cf5e8b
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
+	NOTE: Applying patch for versions 1.12 and older requires introduction of a new
+	NOTE: memory management system (wmem).
 CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
 	- wireshark 2.4.6-1 (low)
 	[jessie] - wireshark <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89eee75402cfe90e1172067ff4db5bff742bf95c...c89756e7c076c78cc435d0e16d251f68614447ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89eee75402cfe90e1172067ff4db5bff742bf95c...c89756e7c076c78cc435d0e16d251f68614447ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200326/5dd617f6/attachment.html>