[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2020-28242 and CVE-2020-28327 for stretch LTS.

Sat Nov 7 10:25:58 GMT 2020


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f7ea4c7 by Chris Lamb at 2020-11-07T10:22:00+00:00
Triage CVE-2020-28242 and CVE-2020-28327 for stretch LTS.

- - - - -
55356ff0 by Chris Lamb at 2020-11-07T10:25:38+00:00
data/dla-needed.txt: Triage raptor2 for stretch LTS (CVE-2017-18926).

- - - - -
a2573c7c by Chris Lamb at 2020-11-07T10:25:43+00:00
data/dla-needed.txt: Claim raptor2.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1523,6 +1523,7 @@ CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution v
 CVE-2020-28327 (A res_pjsip_session crash was discovered in Asterisk Open Source 13.x  ...)
 	- asterisk <unfixed>
 	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2020-001.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/06/1
 CVE-2020-28326
@@ -1701,6 +1702,7 @@ CVE-2020-28243
 CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
 	- asterisk <unfixed>
 	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2020-002.html
 CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...)
 	- libmaxminddb <unfixed> (bug #973878)


=====================================
data/dla-needed.txt
=====================================
@@ -110,6 +110,8 @@ poppler (Markus Koschany)
 python3.5 (Thorsten Alteholz)
   NOTE: 20201102: testing package
 --
+raptor2 (Chris Lamb)
+--
 reel
   NOTE: 20200909: it is now unmaintained. last commit was in Aug 2018. (utkarsh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e606d7b1046ad9efe44c5c1ed2394a6afdde6f55...a2573c7cb0651cc81525f5543718ce88c94c5bda

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e606d7b1046ad9efe44c5c1ed2394a6afdde6f55...a2573c7cb0651cc81525f5543718ce88c94c5bda
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201107/1f434d0a/attachment.html>
