[Git][security-tracker-team/security-tracker][master] stretch triage
Abhijith PA
abhijith at debian.org
Wed Oct 7 11:10:30 BST 2020
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
33833a83 by Abhijith PA at 2020-10-07T15:39:55+05:30
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -495,16 +495,19 @@ CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 la
CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
- opensc <unfixed>
[buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
- opensc <unfixed>
[buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
TODO: check, unclear fixing commit
CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
- opensc <unfixed>
[buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e
CVE-2020-26569
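Review bot: The `[stretch]` line under CVE-2020-26571 marks the issue `<no-dsa> (Minor issue)` while the entry still carries `TODO: check, unclear fixing commit`, so the stretch decision is recorded before the fix has been identified. Either resolve the TODO first or add a NOTE saying the severity call does not depend on the fixing commit. For all three entries the reason is copied from the `[buster]` line, and nothing here records that the affected driver code is present in the stretch version of opensc; a short NOTE to that effect would make the triage auditable.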
=====================================
data/dla-needed.txt
=====================================
@@ -170,6 +170,10 @@ slirp
NOTE: CVE-2020-7039 to be applied patched first, as they both patch
NOTE: the same lines of code in tcp_subr.c (bam).
--
+spice
+--
+spice-gtk
+--
sympa (Sylvain Beucler)
NOTE: 20200525: Incomplete patch. Not the complete patch is made public. (utkarsh)
NOTE: 20200525: But that is weird, given their announcement. (utkarsh)
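Review bot: `spice` and `spice-gtk` are added with no NOTE and no CVE id, so a reader of dla-needed.txt cannot tell which issue put them on the list or whether the two entries belong together. Add a dated NOTE under each, in the style of the neighbouring sympa entry, naming the CVE and, if the two packages need a coordinated upload, saying so.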
@@ -188,6 +192,8 @@ thunderbird (Emilio)
tinymce (Abhijith PA)
NOTE: 20201003: relevant commits are hard to chase down (abhijith)
--
+wireshark
+--
xcftools
NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle)
NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting original patch
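Review bot: The `wireshark` entry has no NOTE or CVE reference, and the commit message ("stretch triage") does not name one either. A dated NOTE like the one under tinymce, listing the CVE ids that triggered the addition, would let whoever claims the package start without redoing the triage.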
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33833a8339dc954c8771f0d6f457b8338ea6f1b5