[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: Triage bouncycastle for stretch LTS (CVE-2020-26939).
Chris Lamb
lamby at debian.org
Wed Nov 4 10:40:52 GMT 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e540cfa by Chris Lamb at 2020-11-04T10:36:41+00:00
data/dla-needed.txt: Triage bouncycastle for stretch LTS (CVE-2020-26939)..
- - - - -
08c0ebc0 by Chris Lamb at 2020-11-04T10:36:53+00:00
data/dla-needed.txt: Claim bouncycastle.
- - - - -
6741e8e6 by Chris Lamb at 2020-11-04T10:38:19+00:00
data/dla-needed.txt: Triage cimg for stretch LTS (CVE-2020-25693).
- - - - -
7411758f by Chris Lamb at 2020-11-04T10:39:54+00:00
Triage CVE-2020-7760 in codemirror-js for stretch LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -48870,6 +48870,7 @@ CVE-2020-7761
RESERVED
CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package org.apa ...)
- codemirror-js <unfixed>
+ [stretch] - codemirror-js <not-affected> (Vulnerable code added later)
NOTE: https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
NOTE: https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable ...)
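Review bot: The new `[stretch] - codemirror-js <not-affected> (Vulnerable code added later)` line gives no pointer to when the vulnerable code was introduced. The two NOTE lines under it reference only the Snyk advisory and the upstream fix commit, so the stretch version cannot be checked against the introducing change from this entry alone. Consider adding a NOTE that names the upstream commit or release which introduced the affected code.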
=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,8 @@ ark
NOTE: 20200907: patch https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes (abhijith)
NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible with the old architecture (abhijith)
--
+bouncycastle (Chris Lamb)
+--
brotli (Roberto C. Sánchez)
NOTE: 20201025: Requested patch review on debian-lts at l.d.o (roberto)
--
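Review bot: The added `bouncycastle (Chris Lamb)` entry has no NOTE, so the CVE that prompted it (CVE-2020-26939 per the commit message) is not recorded in the file itself. The neighbouring ark and brotli entries carry dated NOTE lines; a short dated NOTE here would keep the triage reason with the entry.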
@@ -45,6 +47,8 @@ ceph
NOTE: 20200928: Packages prepared and available at http://apt.inguza.net/stretch-lts/ceph/
NOTE: 20200928: If someone know how to test the packages please take this build and upload (after testing it).
--
+cimg
+--
condor
NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto)
NOTE: 20200521: Still embargoed (eg. https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html). (lamby)
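Review bot: The added `cimg` entry is unclaimed and has no NOTE, so whoever picks it up has to go to the commit log to learn that it was triaged for CVE-2020-25693. A dated NOTE naming the CVE, in the style of the ceph and condor entries around it, would make the entry self-explanatory.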
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c4678373daf764d369ea5f2381f234293d4bdba...7411758f2b61551107a08b43617dca0d5dcdc3f8