[Git][security-tracker-team/security-tracker][master] 6 commits: data/dla-needed.txt: Triage sddm for stretch LTS (CVE-2020-28049).
Chris Lamb
lamby at debian.org
Thu Nov 5 09:16:20 GMT 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
335b0a61 by Chris Lamb at 2020-11-05T09:09:52+00:00
data/dla-needed.txt: Triage sddm for stretch LTS (CVE-2020-28049).
- - - - -
17c20e60 by Chris Lamb at 2020-11-05T09:10:01+00:00
data/dla-needed.txt: Claim sddm.
- - - - -
ddc46836 by Chris Lamb at 2020-11-05T09:10:55+00:00
Triage CVE-2020-27735 in openrc for stretch LTS.
- - - - -
ad330c72 by Chris Lamb at 2020-11-05T09:12:18+00:00
data/dla-needed.txt: Triage gdm3 for stretch LTS.
- - - - -
1447aebf by Chris Lamb at 2020-11-05T09:12:25+00:00
data/dla-needed.txt: Claim gdm3.
- - - - -
8c60d8a2 by Chris Lamb at 2020-11-05T09:16:08+00:00
data/dla-needed.txt: Triage spice-vdagent for stretch LTS (CVE-2020-25650, CVE-2020-25651, CVE-2020-25652 & CVE-2020-25653).
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1202,6 +1202,7 @@ CVE-2020-27735
CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
- openrc <unfixed> (bug #973245)
[buster] - openrc <no-dsa> (Minor issue)
+ [stretch] - openrc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenRC/openrc/issues/201
NOTE: http://michael.orlitzky.com/cves/cve-2018-21269.xhtml
CVE-2020-27734
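Review bot: the added `[stretch] - openrc <no-dsa> (Minor issue)` line sits under CVE-2018-21269, but commit ddc46836 is titled "Triage CVE-2020-27735 in openrc for stretch LTS"; CVE-2020-27735 appears here only as the preceding entry named in the hunk header. Please confirm which entry was meant and, if it is CVE-2018-21269, correct the reference, since the commit log is what people search when tracing a triage decision. The "Minor issue" rationale itself matches the existing buster line.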
=====================================
data/dla-needed.txt
=====================================
@@ -69,6 +69,8 @@ fossil
--
freerdp
--
+gdm3 (Chris Lamb)
+--
golang-1.7 (Thorsten Alteholz)
--
golang-1.8 (Thorsten Alteholz)
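Review bot: the new `gdm3 (Chris Lamb)` entry carries no NOTE, and commit ad330c72 names no CVE, whereas the sddm and spice-vdagent triage commits in this push list theirs in the subject. Consider adding a NOTE under gdm3 with the CVE id(s) that prompted the triage so the scope is visible from the file.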
@@ -161,6 +163,8 @@ samba (Roberto C. Sánchez)
NOTE: 20200830: Will remove this entry and mark all current CVEs as postponed. But first I need to know were the patches are (ola).
NOTE: 20200903: As discussed internally, I will look into Samba AD CVEs and revisit the risk assessment, plus fix the more severe issues (sunweaver)
--
+sddm (Chris Lamb)
+--
shiro
NOTE: 20200920: WIP
NOTE: 20200928: Still awaiting reponse to request for assistance sent to upstream dev list. (roberto)
@@ -171,6 +175,8 @@ slirp
NOTE: CVE-2020-7039 to be applied patched first, as they both patch
NOTE: the same lines of code in tcp_subr.c (bam).
--
+spice-vdagent
+--
sympa
NOTE: 20201007: I issued DLA-2401-1 to address overdue critical vulnerability.
NOTE: 20201007: Lesser issues should pop up soon following work with upstream:
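Review bot: `spice-vdagent` is added with no claimant and no NOTE, so the four CVEs it covers (CVE-2020-25650, CVE-2020-25651, CVE-2020-25652 and CVE-2020-25653) are recorded only in the subject of commit 8c60d8a2. A NOTE listing them under the entry would tell whoever claims the package its scope without consulting the log.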
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8e141504af28573b9d2126e084c15b819885e94e...8c60d8a228fafeef9b5988b5525a84473d1f385a