[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage ansible for jessie LTS.
Chris Lamb
lamby at debian.org
Wed May 6 11:13:10 BST 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbf258e5 by Chris Lamb at 2020-05-06T11:12:21+01:00
data/dla-needed.txt: Triage ansible for jessie LTS.
- - - - -
680f929d by Chris Lamb at 2020-05-06T11:13:01+01:00
data/dla-needed.txt: Triage thunderbird for jessie LTS.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -9,6 +9,14 @@ To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
+--
+ansible
+ NOTE: 20200506: DLA-2202-1 from (20200505) covers CVE-2019-14846,
+ NOTE: 20200506: CVE-2020-1733, CVE-2020-1739 and CVE-2020-1740 but not
+ NOTE: 20200506: CVE-2020-1736. The version in jessie does not use the
+ NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0777 and 0666
+ NOTE: 20200506: in the atomic_move code in basic.py, so is likely vulnerable.
+ NOTE: 20200506: (lamby)
--
apache-log4j2 (Abhijith PA)
--
@@ -82,6 +90,8 @@ squid3 (Markus Koschany)
NOTE: 20200427: Working on squid3 in Stretch which will be used for Jessie
NOTE: 20200427: and Stretch. It seems more useful for the future.
--
+thunderbird
+--
tika (Utkarsh Gupta)
NOTE: 20200428: Pinged upstream for relevant commits.
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1705b841c36fcd579885acacd02d4492564b40...680f929d24debd63c7c2174335402f3afd3ce56c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1705b841c36fcd579885acacd02d4492564b40...680f929d24debd63c7c2174335402f3afd3ce56c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200506/70ee0321/attachment.html>
More information about the debian-security-tracker-commits
mailing list