[Git][security-tracker-team/security-tracker][master] 4 commits: update note
Thorsten Alteholz
alteholz at debian.org
Sun Nov 15 21:38:56 GMT 2020
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f803184 by Thorsten Alteholz at 2020-11-15T22:38:37+01:00
update note
- - - - -
804a4275 by Thorsten Alteholz at 2020-11-15T22:38:38+01:00
mark CVE-2020-25657 as no-dsa for Stretch
- - - - -
11972dd5 by Thorsten Alteholz at 2020-11-15T22:38:40+01:00
mark CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 as no-dsa for Stretch
- - - - -
952a4dfd by Thorsten Alteholz at 2020-11-15T22:38:40+01:00
add mariadb-10.1
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9587,6 +9587,7 @@ CVE-2020-25696 [psql's \gset allows overwriting specially treated variables]
- postgresql-11 <removed>
[buster] - postgresql-11 <no-dsa> (Minor issue)
- postgresql-9.6 <removed>
+ [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25695 [Multiple features escape "security restricted operation" sandbox]
RESERVED
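Review bot: The added "[stretch] - postgresql-9.6 <no-dsa> (Minor issue)" line does not say how the issue is expected to be resolved, although the release announcement in the NOTE line below it lists a 9.6.20 release. Consider a NOTE stating whether stretch should pick the fix up with a later postgresql-9.6 update, so the no-dsa tag is not read as "will not be fixed".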
@@ -9595,6 +9596,7 @@ CVE-2020-25695 [Multiple features escape "security restricted operation" sandbox
- postgresql-11 <removed>
[buster] - postgresql-11 <no-dsa> (Minor issue)
- postgresql-9.6 <removed>
+ [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25694 [Reconnection can downgrade connection security settings]
RESERVED
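Review bot: On the added [stretch] line, "(Minor issue)" is copied from the buster entry, but the header describes this CVE as an escape from the "security restricted operation" sandbox, which does not obviously read as minor. Put the reasoning in the reason text or in a NOTE so the triage decision can be audited later.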
@@ -9603,6 +9605,7 @@ CVE-2020-25694 [Reconnection can downgrade connection security settings]
- postgresql-11 <removed>
[buster] - postgresql-11 <no-dsa> (Minor issue)
- postgresql-9.6 <removed>
+ [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25693
RESERVED
@@ -9707,6 +9710,7 @@ CVE-2020-25657
RESERVED
- m2crypto <unfixed>
[buster] - m2crypto <no-dsa> (Minor issue)
+ [stretch] - m2crypto <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
CVE-2020-25656
RESERVED
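Review bot: The added [stretch] line for m2crypto reuses "(Minor issue)" while the package line above it is still <unfixed> and the CVE header has no bracketed description, so the entry does not say what is being judged minor. A short description on the CVE line, or a NOTE summarising the linked Red Hat bug, would make the no-dsa decision self-explanatory.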
=====================================
data/dla-needed.txt
=====================================
@@ -50,8 +50,10 @@ f2fs-tools
freerdp (Abhijith PA)
--
golang-1.7 (Thorsten Alteholz)
+ NOTE: 20201115: also taking care of old no-dsa
--
golang-1.8 (Thorsten Alteholz)
+ NOTE: 20201115: also taking care of old no-dsa
--
golang-github-dgrijalva-jwt-go
--
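Review bot: Both added NOTE lines say "also taking care of old no-dsa" without naming the issues meant, and the commit message "update note" does not name them either. List the CVE ids under golang-1.7 and golang-1.8, or say explicitly that all open no-dsa issues are meant, so other contributors can tell what the claim covers.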
@@ -69,6 +71,8 @@ linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
--
+mariadb-10.1
+--
mumble
NOTE: 20200325: Regression in last upload, forgot to follow up.
NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)
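Review bot: mariadb-10.1 is added with no claimant and no NOTE, and the commit message "add mariadb-10.1" does not say which issue triggered the entry. Add a dated NOTE line with the CVE or upstream release that makes an update necessary, in the same style as the NOTE lines under mumble.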
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/72903eb7e6f65c53545aadd294d6a4be49ee045c...952a4dfd9600eee54b1f94df1f149fcec9a4a807