[Git][security-tracker-team/security-tracker][master] 3 commits: Decided that condor is worth fixing even though it is not that popular.
Ola Lundqvist
opal at debian.org
Sat May 2 21:21:57 BST 2020
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af345723 by Ola Lundqvist at 2020-05-02T22:17:17+02:00
Decided that condor is worth fixing even though it is not that popular.
- - - - -
c46dd272 by Ola Lundqvist at 2020-05-02T22:19:51+02:00
Decided that CVE-2019-20792 is not worth fixing on its own. Postponing. It may be worth fixing later.
- - - - -
565e3ccf by Ola Lundqvist at 2020-05-02T22:21:42+02:00
CVE-2020-10997 should be fixed for percona-xtrabackup.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -413,6 +413,7 @@ CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qe
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190
CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...)
- opensc 0.20.0-1
+ [jessie] - opensc <postponed> (Minor issue but can be worth fixing later)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
NOTE: https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would ...)
=====================================
data/dla-needed.txt
=====================================
@@ -26,6 +26,8 @@ bluez
NOTE: 20200420: check for bonded connections should go. (eg. 7d9718cfc,
NOTE: 20200420: 718bad60d, etc.) (lamby)
--
+condor
+--
jbig2dec (Dylan Aïssi)
--
libdatetime-timezone-perl (Emilio)
@@ -72,6 +74,8 @@ ntp (Adrian Bunk)
opendmarc (Thorsten Alteholz)
NOTE: 20200420: still testing package, original patch does not seem to be enough, still ongoing
--
+percona-xtrabackup
+--
php5 (Thorsten Alteholz)
NOTE: 20200427: embedded software "file" needs fix for CVE-2019-18218
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/949b9f6a7af3f1f0453af509f6f76bbed49c40ad...565e3ccff67b980a48997ddba923b43466de95f2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/949b9f6a7af3f1f0453af509f6f76bbed49c40ad...565e3ccff67b980a48997ddba923b43466de95f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200502/ea461bb1/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list