[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: remove <postponed> tag from fixed CVE

Roberto C. Sánchez roberto at debian.org
Thu Nov 19 03:28:21 GMT 2020 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14659c6d by Roberto C. Sánchez at 2020-11-18T22:26:15-05:00
LTS: remove <postponed> tag from fixed CVE

- - - - -
29fe9f4f by Roberto C. Sánchez at 2020-11-18T22:28:09-05:00
Reserve DLA-2456-1 for python3.5

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -31256,7 +31256,6 @@ CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able t
 	- python3.7 <removed> (low)
 	[buster] - python3.7 3.7.3-2+deb10u2
 	- python3.5 <removed> (low)
-	[stretch] - python3.5 <postponed> (Minor issue, can be fixed in next DLA)
 	- python2.7 <unfixed> (low; bug #970099)
 	[buster] - python2.7 <no-dsa> (Minor issue)
 	[stretch] - python2.7 <postponed> (Minor issue, can be fixed in next DLA)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Nov 2020] DLA-2456-1 python3.5 - security update
+	{CVE-2019-20907 CVE-2020-26116}
+	[stretch] - python3.5 3.5.3-1+deb9u3
 [19 Nov 2020] DLA-2455-1 packer - security update
 	{CVE-2020-9283}
 	[stretch] - packer 0.10.2+dfsg-6+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -112,8 +112,6 @@ php-horde-trean
 pluxml
   NOTE: 20201011: issue is still open upstream. Also low priority for us (abhijith)
 --
-python3.5 (Roberto C. Sánchez)
---
 qemu (Thorsten Alteholz)
 --
 raptor2 (Utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54d687021507e40b22726f8bb423bd07f9231918...29fe9f4f0b5eb7ba13a275e532ae9f7600a66aa4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54d687021507e40b22726f8bb423bd07f9231918...29fe9f4f0b5eb7ba13a275e532ae9f7600a66aa4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201119/561326fc/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list