[Git][security-tracker-team/security-tracker][master] Reserve DLA-2423-1 for wireshark

Sat Oct 31 20:32:27 GMT 2020


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
517e55b6 by Adrian Bunk at 2020-10-31T22:31:31+02:00
Reserve DLA-2423-1 for wireshark

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -90298,7 +90298,6 @@ CVE-2019-12296
 	RESERVED
 CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the  ...)
 	- wireshark 2.6.8-1.1 (low; bug #929446)
-	[stretch] - wireshark <no-dsa> (Minor issue)
 	[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
@@ -94298,7 +94297,6 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi
 CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SP ...)
 	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
-	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-18.html
@@ -94312,7 +94310,6 @@ CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was ad
 CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
 	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
-	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-17.html
@@ -94324,7 +94321,6 @@ CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an infinite
 CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC di ...)
 	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
-	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b16fea2f175a3297edac118c8844c7987d31c1cb
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-10.html
@@ -94340,7 +94336,6 @@ CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an i
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-11.html
 CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF disse ...)
 	- wireshark 2.6.8-1 (low; bug #926718)
-	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	[jessie] - wireshark <not-affected> (vulnerable code is not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0
@@ -94348,7 +94343,6 @@ CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF
 CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler ...)
 	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
-	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=38680c4c69f9f4e0f39e29b66fe2b02d88eb629d
@@ -94358,7 +94352,6 @@ CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the Net
 CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API d ...)
 	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
-	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Oct 2020] DLA-2423-1 wireshark - security update
+	{CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-12295}
+	[stretch] - wireshark 2.6.8-1.1~deb9u1
 [31 Oct 2020] DLA-2422-1 qtsvg-opensource-src - security update
 	{CVE-2018-19869}
 	[stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/517e55b6769b5a6d1e99e0ea9ee3b45523616f25

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/517e55b6769b5a6d1e99e0ea9ee3b45523616f25
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201031/f2922425/attachment.html>
