[Git][security-tracker-team/security-tracker][master] netbeans fixed

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f067e2d by Moritz Muehlenhoff at 2020-10-05T11:20:49+02:00
netbeans fixed
mark three sqlite issues as ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28175,6 +28175,7 @@ CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL point
 	NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
 CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name  ...)
 	- sqlite3 3.32.0-1
+	[buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code not present)
 	[jessie] - sqlite3 <no-dsa> (Too intrusive to backport)
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
@@ -58415,7 +58416,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an inte
 	NOTE: https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
 CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger infinite  ...)
 	- sqlite3 3.30.1+fossil191229-1 (bug #946612)
-	[buster] - sqlite3 <no-dsa> (Minor issue)
+	[buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
@@ -58546,7 +58547,7 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
 CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent  ...)
 	- sqlite3 3.30.1+fossil191229-1
-	[buster] - sqlite3 <no-dsa> (Minor issue)
+	[buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
 	[stretch] - sqlite3 <not-affected> (vulnerable code not present)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
@@ -69089,11 +69090,11 @@ CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.
 CVE-2019-17562 (A buffer overflow vulnerability has been found in the baremetal compon ...)
 	NOT-FOR-US: Apache CloudStack
 CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully validate code s ...)
-	- netbeans <unfixed> (unimportant)
-	NOTE: Debian packages updated via apt
+	- netbeans 12.1-1 (unimportant)
+	NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
 CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL certific ...)
-	- netbeans <unfixed> (unimportant)
-	NOTE: Debian packages updated via apt
+	- netbeans 12.1-1 (unimportant)
+	NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
 CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
 	{DSA-4672-1}
 	- trafficserver 8.0.6+ds-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f067e2d1428e7e3e5979f8fca414f859120a32b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f067e2d1428e7e3e5979f8fca414f859120a32b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201005/a5c851b7/attachment.html>