[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Mon Oct 19 22:24:52 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82afcf5a by Moritz Muehlenhoff at 2020-10-19T23:24:35+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2436,6 +2436,7 @@ CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended
 	NOTE: https://github.com/dgrijalva/jwt-go/pull/426
 CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expressi ...)
 	- libonig <unfixed> (bug #972113)
+	[buster] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
 	NOTE: https://github.com/kkos/oniguruma/issues/207
 CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
@@ -130186,6 +130187,7 @@ CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH p
 	NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
 CVE-2018-16848 (A Denial of Service (DoS) condition is possible in OpenStack Mistral i ...)
 	- mistral 10.0.0~rc1-2
+	[buster] - mistral <no-dsa> (Minor issue)
 	[stretch] - mistral <end-of-life> (OpenStack component; not supported in stretch LTS)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
 	NOTE: https://bugs.launchpad.net/mistral/%2Bbug/1785657


=====================================
data/dsa-needed.txt
=====================================
@@ -23,8 +23,12 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
+mariadb-10.3 (jmm)
+--
 netty
 --
+pdns-recursor
+--
 xcftools
   Hugo proposed to work on this update
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82afcf5a51f8fb42b17b08fcd67c5aea70048ce0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82afcf5a51f8fb42b17b08fcd67c5aea70048ce0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201019/c2c60f0c/attachment.html>

More information about the debian-security-tracker-commits mailing list