[Git][security-tracker-team/security-tracker][master] Reserve DLA-2441-1 for sympa

Sylvain Beucler beuc at debian.org
Mon Nov 9 12:16:43 GMT 2020



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef64c64b by Sylvain Beucler at 2020-11-09T13:12:17+01:00
Reserve DLA-2441-1 for sympa

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5222,6 +5222,7 @@ CVE-2020-26881
 CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from the s ...)
 	- sympa <unfixed> (bug #972114)
 	[buster] - sympa <postponed> (Revisit when fixed upstream)
+	[stretch] - sympa <postponed> (Mitigated, revisit when fixed upstream)
 	NOTE: https://github.com/sympa-community/sympa/issues/1009
 	NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
 	NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235
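
Review bot: The added `[stretch] - sympa <postponed> (Mitigated, revisit when fixed upstream)` line does not say what the mitigation is or which upload carries it, and the buster line directly above it has no "Mitigated" wording. A NOTE line under CVE-2020-26880 naming the mitigation, or the stretch version that ships it, would let a later triager see why the two releases are annotated differently and what to re-check once upstream has a fix.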


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Nov 2020] DLA-2441-1 sympa - security update
+	{CVE-2018-1000671}
+	[stretch] - sympa 6.2.16~dfsg-3+deb9u4
 [08 Nov 2020] DLA-2440-1 poppler - security update
 	{CVE-2017-14926 CVE-2017-14928 CVE-2018-19058 CVE-2018-20650 CVE-2018-20662 CVE-2019-7310 CVE-2019-9959 CVE-2019-10018 CVE-2019-14494}
 	[stretch] - poppler 0.48.0-2+deb9u4


=====================================
data/dla-needed.txt
=====================================
@@ -151,15 +151,6 @@ slirp
 --
 spice-vdagent
 --
-sympa (Sylvain Beucler)
-  NOTE: 20201007: I issued DLA-2401-1 to address overdue critical vulnerability.
-  NOTE: 20201007: Lesser issues should pop up soon following work with upstream:
-  NOTE: 20201007: https://github.com/sympa-community/sympa/issues/943
-  NOTE: 20201007: I also prepared and tested a CVE-2018-1000671 backport:
-  NOTE: 20201007: https://www.beuc.net/tmp/debian-lts/sympa/
-  NOTE: 20201007: I won't have time to do more this month (Beuc)
-  NOTE: 20201015: See #972189. (lamby)
---
 tcpdump (Utkarsh)
 --
 webcit
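
Review bot: The removed sympa block takes with it the pointers to upstream issue 943 ("Lesser issues should pop up soon") and to #972189, while the commit message only mentions reserving DLA-2441-1. If those follow-ups are not fully covered by this DLA, consider keeping a trimmed entry or recording them elsewhere. CVE-2020-26880 is still `<postponed>` for stretch in data/CVE/list in this same commit, so some sympa work remains open.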



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef64c64b76f036c2d758ff034d4bbc2362946cf8
