[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage ansible for jessie LTS.

Chris Lamb lamby at debian.org
Wed May 6 11:13:10 BST 2020 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbf258e5 by Chris Lamb at 2020-05-06T11:12:21+01:00
data/dla-needed.txt: Triage ansible for jessie LTS.

- - - - -
680f929d by Chris Lamb at 2020-05-06T11:13:01+01:00
data/dla-needed.txt: Triage thunderbird for jessie LTS.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -9,6 +9,14 @@ To pick an issue, simply add your name behind it. To learn more about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
+--
+ansible
+  NOTE: 20200506: DLA-2202-1 from (20200505) covers CVE-2019-14846,
+  NOTE: 20200506: CVE-2020-1733, CVE-2020-1739 and CVE-2020-1740 but not
+  NOTE: 20200506: CVE-2020-1736. The version in jessie does not use the
+  NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0777 and 0666
+  NOTE: 20200506: in the atomic_move code in basic.py, so is likely vulnerable.
+  NOTE: 20200506: (lamby)
 --
 apache-log4j2 (Abhijith PA)
 --
@@ -82,6 +90,8 @@ squid3 (Markus Koschany)
   NOTE: 20200427: Working on squid3 in Stretch which will be used for Jessie
   NOTE: 20200427: and Stretch. It seems more useful for the future.
 --
+thunderbird
+--
 tika (Utkarsh Gupta)
   NOTE: 20200428: Pinged upstream for relevant commits.
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1705b841c36fcd579885acacd02d4492564b40...680f929d24debd63c7c2174335402f3afd3ce56c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1705b841c36fcd579885acacd02d4492564b40...680f929d24debd63c7c2174335402f3afd3ce56c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200506/70ee0321/attachment.html>

More information about the debian-security-tracker-commits mailing list