[Git][security-tracker-team/security-tracker][master] CVE-2020-24583 and CVE-2020-24584 require Python 3.7+ to be vulnerable.

Chris Lamb lamby at debian.org
Wed Sep 2 11:40:08 BST 2020 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83df4026 by Chris Lamb at 2020-09-02T11:38:36+01:00
CVE-2020-24583 and CVE-2020-24584 require Python 3.7+ to be vulnerable.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1000,12 +1000,14 @@ CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in
 	NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable)
 CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
 	- python-django 2:2.2.16-1 (bug #969367)
+	[stretch] - python-django <not-affected> (Requires Python 3.7+)
 	NOTE: https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71 (master)
 	NOTE: https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b (3.1.1)
 	NOTE: https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554 (3.0.10)
 	NOTE: https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f (2.2.16)
 CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
 	- python-django 2:2.2.16-1 (bug #969367)
+	[stretch] - python-django <not-affected> (Requires Python 3.7+)
 	NOTE: https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master)
 	NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1)
 	NOTE: https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e (3.0.10)


=====================================
data/dla-needed.txt
=====================================
@@ -118,8 +118,6 @@ php-horde-trean (Mike Gabriel)
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
-python-django (Chris Lamb)
---
 qemu (Abhijith PA)
   NOTE: 20200824: currently all are minor issues. Reduce frequent upload (abhijith)
   NOTE: 20200901: CVE-2020-14364 is rather not a minor issue. check for stretch. (utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83df402630655c0f70218ce33ec988d1bc86ddd5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83df402630655c0f70218ce33ec988d1bc86ddd5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200902/267fa161/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list