[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-28638/tomb
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 18 21:59:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70fb8d7e by Salvatore Bonaccorso at 2020-11-18T22:58:19+01:00
Update information on CVE-2020-28638/tomb
The attempted fix only covered the issue. The maintainer as well tracked
down that the issue is only introduced in v2.6 and not already v2.0, so
update the status for buster accordingly.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1594,12 +1594,14 @@ CVE-2021-1127
CVE-2021-1126
RESERVED
CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-c ...)
- - tomb 2.7+dfsg2-2 (bug #974719)
- [buster] - tomb <no-dsa> (Minor issue)
+ - tomb <unfixed> (bug #974719; bug #975084)
+ [buster] - tomb <not-affected> (Vulnerability introduced later)
NOTE: https://github.com/dyne/Tomb/issues/385
- NOTE: Introduced by: https://github.com/dyne/Tomb/commit/bbe9a49ec3f6c709478b1f7873b567e3f36d84a1 (v2.0)
+ NOTE: Introduced by: https://github.com/dyne/Tomb/commit/477ab204439ddb88d7293d3c35a29e29751feda9 (v2.6)
NOTE: https://github.com/dyne/Tomb/pull/386
- NOTE: Fixed by: https://github.com/dyne/Tomb/commit/15c894dfb41db3ea3290bdf8f958fd9e3503c4bb
+ NOTE: Attempted to be fixed via: https://github.com/dyne/Tomb/commit/15c894dfb41db3ea3290bdf8f958fd9e3503c4bb
+ NOTE: which only hides the problem.
+ NOTE: https://github.com/dyne/Tomb/issues/392
CVE-2020-28637
RESERVED
CVE-2020-28636
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70fb8d7e9d1876e4722f211a790fecfddb7211ef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70fb8d7e9d1876e4722f211a790fecfddb7211ef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201118/eb402f97/attachment.html>
More information about the debian-security-tracker-commits
mailing list