[Git][security-tracker-team/security-tracker][master] 2 commits: Remove annotation that DLA-2447-1 fixed CVE-2020-25654

Tue Nov 17 08:22:35 GMT 2020


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29d958d8 by Markus Koschany at 2020-11-17T09:18:55+01:00
Remove annotation that DLA-2447-1 fixed CVE-2020-25654

- - - - -
f6d47059 by Markus Koschany at 2020-11-17T09:21:50+01:00
Readd pacemaker to dla-needed.txt

Reserve regression update DLA-2447-2.

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10244,7 +10244,7 @@ CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could al
 	NOT-FOR-US: Red Hat open-cluster-management
 CVE-2020-25654 [ACL restrictions bypass]
 	RESERVED
-	{DSA-4791-1 DLA-2447-1}
+	{DSA-4791-1}
 	- pacemaker 2.0.5~rc2-1 (bug #973254)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,5 @@
+[17 Nov 2020] DLA-2447-2 pacemaker - regression update
+	[stretch] - pacemaker 1.1.16-1+deb9u2
 [17 Nov 2020] DLA-2453-1 restic - security update
 	{CVE-2020-9283}
 	[stretch] - restic 0.3.3-1+deb9u1
@@ -18,7 +20,6 @@
 	{CVE-2020-26950}
 	[stretch] - firefox-esr 78.4.1esr-1~deb9u1
 [11 Nov 2020] DLA-2447-1 pacemaker - security update
-	{CVE-2020-25654}
 	[stretch] - pacemaker 1.1.16-1+deb9u1
 [10 Nov 2020] DLA-2446-1 moin - security update
 	{CVE-2020-15275 CVE-2020-25074}


=====================================
data/dla-needed.txt
=====================================
@@ -99,6 +99,9 @@ packer (Brian May)
   NOTE: Needs rebuild for CVE-2020-92830 in golang-go.crypto.
   NOTE: Problems with upload
 --
+pacemaker (Markus Koschany)
+  NOTE: 20201117: See #974563 for further information.
+--
 php-horde-trean
   NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver)
   NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/41a834f17998bae85b4ae7eaa36cdcf6ef061a83...f6d47059981308b217826496c748a98646a75b92

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/41a834f17998bae85b4ae7eaa36cdcf6ef061a83...f6d47059981308b217826496c748a98646a75b92
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201117/d78bfe93/attachment-0001.html>
