[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-28638/tomb

Salvatore Bonaccorso carnil at debian.org
Wed Nov 18 21:59:23 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70fb8d7e by Salvatore Bonaccorso at 2020-11-18T22:58:19+01:00
Update information on CVE-2020-28638/tomb

The attempted fix only covered the issue. The maintainer as well tracked
down that the issue is only introduced in v2.6 and not already v2.0, so
update the status for buster accordingly.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1594,12 +1594,14 @@ CVE-2021-1127
 CVE-2021-1126
 	RESERVED
 CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-c ...)
-	- tomb 2.7+dfsg2-2 (bug #974719)
-	[buster] - tomb <no-dsa> (Minor issue)
+	- tomb <unfixed> (bug #974719; bug #975084)
+	[buster] - tomb <not-affected> (Vulnerability introduced later)
 	NOTE: https://github.com/dyne/Tomb/issues/385
-	NOTE: Introduced by: https://github.com/dyne/Tomb/commit/bbe9a49ec3f6c709478b1f7873b567e3f36d84a1 (v2.0)
+	NOTE: Introduced by: https://github.com/dyne/Tomb/commit/477ab204439ddb88d7293d3c35a29e29751feda9 (v2.6)
 	NOTE: https://github.com/dyne/Tomb/pull/386
-	NOTE: Fixed by: https://github.com/dyne/Tomb/commit/15c894dfb41db3ea3290bdf8f958fd9e3503c4bb
+	NOTE: Attempted to be fixed via: https://github.com/dyne/Tomb/commit/15c894dfb41db3ea3290bdf8f958fd9e3503c4bb
+	NOTE: which only hides the problem.
+	NOTE: https://github.com/dyne/Tomb/issues/392
 CVE-2020-28637
 	RESERVED
 CVE-2020-28636



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70fb8d7e9d1876e4722f211a790fecfddb7211ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70fb8d7e9d1876e4722f211a790fecfddb7211ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201118/eb402f97/attachment.html>

More information about the debian-security-tracker-commits mailing list