[Git][security-tracker-team/security-tracker][master] Claim poppler in dla-needed.txt update status of remaining packages.

Markus Koschany apo at debian.org
Mon Oct 26 00:40:25 GMT 2020 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6e631b0 by Markus Koschany at 2020-10-26T01:39:55+01:00
Claim poppler in dla-needed.txt update status of remaining packages.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -84,9 +84,10 @@ golang-github-dgrijalva-jwt-go
 golang-golang-x-net-dev
 --
 guacamole-server (Markus Koschany)
-  NOTE: 20201010: Reported my findings to the maintainers and the
+  NOTE: 20201026: Reported my findings to the maintainers and the
   NOTE: security team. Waiting for feedback. CVE is in guacamole-server not in
   NOTE: guacamole-client. Backporting the upstream patch seems viable.
+  NOTE: release will be this week
 --
 junit4 (Abhijith PA)
 --
@@ -97,9 +98,10 @@ lemonldap-ng
   NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could defer. (lamby)
 --
 libonig (Markus Koschany)
-  NOTE: 20201002: Fix for CVE-2020-26159 is too trivial. Besides that, please consider
-  NOTE: 20201002: fixing other errors mentioned in https://github.com/kkos/oniguruma/issues/207
-  NOTE: 20201002: and the other 6/7 CVEs tagged as no-dsa in stretch but fixed in jessie. (utkarsh)
+  NOTE: 20201026: Fix for CVE-2020-26159 is too trivial. Besides that, please consider
+  NOTE: 20201026: fixing other errors mentioned in https://github.com/kkos/oniguruma/issues/207
+  NOTE: 20201026: and the other 6/7 CVEs tagged as no-dsa in stretch but fixed in jessie. (utkarsh)
+  NOTE: 20201026: release will be this week
 --
 libproxy (Emilio)
   NOTE: 20201026: patch not sanctioned upstream yet (Emilio)
@@ -131,6 +133,8 @@ php-horde-trean
 pluxml
   NOTE: 20201011: issue is still open upstream. Also low priority for us (abhijith)
 --
+poppler (Markus Koschany)
+--
 python3.5 (Thorsten Alteholz)
   NOTE: 20201011: testing package
   NOTE: 20201018: recovering from a broken computer :-(



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e631b06d31e0a45811bf19c8d84f296cf17da1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e631b06d31e0a45811bf19c8d84f296cf17da1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201026/8416fb1b/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list