[Git][security-tracker-team/security-tracker][master] Triage python-cryptography, blueman, and wordpress

Utkarsh Gupta utkarsh at debian.org
Sun Nov 1 11:38:24 GMT 2020 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9d04c2d by Utkarsh Gupta at 2020-11-01T17:07:36+05:30
Triage python-cryptography, blueman, and wordpress

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5680,6 +5680,7 @@ CVE-2020-25660
 CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
 	RESERVED
 	- python-cryptography <unfixed> (bug #973247)
+	[stretch] - python-cryptography <no-dsa> (Minor issue; risk of regression & marginal benefit)
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988
 	NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2)


=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,8 @@ ark
   NOTE: 20200907: patch https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes (abhijith)
   NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible with the old architecture (abhijith)
 --
+blueman
+--
 brotli (Roberto C. Sánchez)
   NOTE: 20201025: Requested patch review on debian-lts at l.d.o (roberto)
 --
@@ -200,6 +202,8 @@ wireshark (Adrian Bunk)
   NOTE: 20201026: will backport 2.6.8-1.1 first, and then try to update in the
   NOTE: 20201026: next buster point release followed by another backport (bunk)
 --
+wordpress (Utkarsh)
+--
 xcftools
   NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle)
   NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting original patch



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d04c2dd6b55122522b265ac53cd4b24ee57e24

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d04c2dd6b55122522b265ac53cd4b24ee57e24
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201101/bfedacaf/attachment.html>

More information about the debian-security-tracker-commits mailing list