[Git][security-tracker-team/security-tracker][master] 3 commits: Decided that condor is worth fixing even though it is not that popular.

Ola Lundqvist opal at debian.org
Sat May 2 21:21:57 BST 2020



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af345723 by Ola Lundqvist at 2020-05-02T22:17:17+02:00
Decided that condor is worth fixing even though it is not that popular.

- - - - -
c46dd272 by Ola Lundqvist at 2020-05-02T22:19:51+02:00
Decided that CVE-2019-20792 is not worth fixing on its own. Postponing. It may be worth fixing later.

- - - - -
565e3ccf by Ola Lundqvist at 2020-05-02T22:21:42+02:00
CVE-2020-10997 should be fixed for percona-xtrabackup.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -413,6 +413,7 @@ CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qe
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190
 CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...)
 	- opensc 0.20.0-1
+	[jessie] - opensc <postponed> (Minor issue but can be worth fixing later)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
 	NOTE: https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
 CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -26,6 +26,8 @@ bluez
   NOTE: 20200420: check for bonded connections should go. (eg. 7d9718cfc,
   NOTE: 20200420: 718bad60d, etc.)  (lamby)
 --
+condor
+--
 jbig2dec (Dylan Aïssi)
 --
 libdatetime-timezone-perl (Emilio)
@@ -72,6 +74,8 @@ ntp (Adrian Bunk)
 opendmarc (Thorsten Alteholz)
   NOTE: 20200420: still testing package, original patch does not seem to be enough, still ongoing
 --
+percona-xtrabackup
+--
 php5 (Thorsten Alteholz)
   NOTE: 20200427: embedded software "file" needs fix for CVE-2019-18218
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/949b9f6a7af3f1f0453af509f6f76bbed49c40ad...565e3ccff67b980a48997ddba923b43466de95f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/949b9f6a7af3f1f0453af509f6f76bbed49c40ad...565e3ccff67b980a48997ddba923b43466de95f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200502/ea461bb1/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list