[Git][security-tracker-team/security-tracker][master] 4 commits: update note

Sun Nov 15 21:38:56 GMT 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f803184 by Thorsten Alteholz at 2020-11-15T22:38:37+01:00
update note

- - - - -
804a4275 by Thorsten Alteholz at 2020-11-15T22:38:38+01:00
mark CVE-2020-25657 as no-dsa for Stretch

- - - - -
11972dd5 by Thorsten Alteholz at 2020-11-15T22:38:40+01:00
mark CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 as no-dsa for Stretch

- - - - -
952a4dfd by Thorsten Alteholz at 2020-11-15T22:38:40+01:00
add mariadb-10.1

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9587,6 +9587,7 @@ CVE-2020-25696 [psql's \gset allows overwriting specially treated variables]
 	- postgresql-11 <removed>
 	[buster] - postgresql-11 <no-dsa> (Minor issue)
 	- postgresql-9.6 <removed>
+	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
 CVE-2020-25695 [Multiple features escape "security restricted operation" sandbox]
 	RESERVED
@@ -9595,6 +9596,7 @@ CVE-2020-25695 [Multiple features escape "security restricted operation" sandbox
 	- postgresql-11 <removed>
 	[buster] - postgresql-11 <no-dsa> (Minor issue)
 	- postgresql-9.6 <removed>
+	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
 CVE-2020-25694 [Reconnection can downgrade connection security settings]
 	RESERVED
@@ -9603,6 +9605,7 @@ CVE-2020-25694 [Reconnection can downgrade connection security settings]
 	- postgresql-11 <removed>
 	[buster] - postgresql-11 <no-dsa> (Minor issue)
 	- postgresql-9.6 <removed>
+	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
 CVE-2020-25693
 	RESERVED
@@ -9707,6 +9710,7 @@ CVE-2020-25657
 	RESERVED
 	- m2crypto <unfixed>
 	[buster] - m2crypto <no-dsa> (Minor issue)
+	[stretch] - m2crypto <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
 CVE-2020-25656
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -50,8 +50,10 @@ f2fs-tools
 freerdp (Abhijith PA)
 --
 golang-1.7 (Thorsten Alteholz)
+  NOTE: 20201115: also taking care of old no-dsa
 --
 golang-1.8 (Thorsten Alteholz)
+  NOTE: 20201115: also taking care of old no-dsa
 --
 golang-github-dgrijalva-jwt-go
 --
@@ -69,6 +71,8 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
+mariadb-10.1
+--
 mumble
   NOTE: 20200325: Regression in last upload, forgot to follow up.
   NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/72903eb7e6f65c53545aadd294d6a4be49ee045c...952a4dfd9600eee54b1f94df1f149fcec9a4a807

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/72903eb7e6f65c53545aadd294d6a4be49ee045c...952a4dfd9600eee54b1f94df1f149fcec9a4a807
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201115/09a43726/attachment-0001.html>
