[Git][security-tracker-team/security-tracker][master] openjdk-11

Moritz Muehlenhoff jmm at debian.org
Thu Oct 22 15:35:43 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a79c74dd by Moritz Muehlenhoff at 2020-10-22T16:35:30+02:00
openjdk-11
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4218,10 +4218,12 @@ CVE-2020-25649
 	RESERVED
 	{DLA-2406-1}
 	- jackson-databind 2.11.1-1
+	[buster] - jackson-databind <no-dsa> (Minor issue)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2589
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
 CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...)
 	- nss 2:3.58-1
+	[buster] - nss <no-dsa> (Minor issue)
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)
 	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
@@ -27151,7 +27153,7 @@ CVE-2020-14805 (Vulnerability in the Oracle E-Business Suite Secure Enterprise S
 CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 CVE-2020-14802 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
@@ -27162,15 +27164,15 @@ CVE-2020-14800 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 	- openjdk-8 <unfixed>
 CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 	- openjdk-8 <unfixed>
 CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 	- openjdk-8 <unfixed>
 CVE-2020-14795 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
@@ -27181,7 +27183,7 @@ CVE-2020-14793 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-5.7 <unfixed>
 	- mysql-8.0 <unfixed>
 CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 	- openjdk-8 <unfixed>
 CVE-2020-14791 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -27205,17 +27207,17 @@ CVE-2020-14784 (Vulnerability in the Oracle BI Publisher product of Oracle Fusio
 CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Foo ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 	- openjdk-8 <unfixed>
 CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 	- openjdk-8 <unfixed>
 CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware  ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	- openjdk-15 <unfixed>
+	- openjdk-15 15.0.1+9-1
 	- openjdk-11 11.0.9+11-1
 	- openjdk-8 <unfixed>
 CVE-2020-14778 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,8 @@ openjdk-11 (jmm)
 --
 pdns-recursor
 --
+thunderbird (jmm)
+--
 xcftools
   Hugo proposed to work on this update
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a79c74dd246826a5d4ae76c7cf97f37abd3d509e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a79c74dd246826a5d4ae76c7cf97f37abd3d509e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201022/975d81ff/attachment.html>


More information about the debian-security-tracker-commits mailing list