[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags for upcoming libxml2 update.

Markus Koschany apo at debian.org
Wed Sep 9 22:14:40 BST 2020 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0976f993 by Markus Koschany at 2020-09-09T23:13:48+02:00
Remove no-dsa tags for upcoming libxml2 update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41696,7 +41696,6 @@ CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execut
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
 	- libxml2 2.9.10+dfsg-2.1 (bug #949582)
 	[buster] - libxml2 <no-dsa> (Minor issue)
-	[stretch] - libxml2 <no-dsa> (Minor issue)
 	[jessie] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
 CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
@@ -41952,7 +41951,6 @@ CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/conf
 CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
 	- libxml2 2.9.10+dfsg-2.1 (bug #949583)
 	[buster] - libxml2 <no-dsa> (Minor issue)
-	[stretch] - libxml2 <no-dsa> (Minor issue)
 	[jessie] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a
 CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
@@ -51203,7 +51201,6 @@ CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before
 	[experimental] - libxml2 2.9.10+dfsg-1
 	- libxml2 2.9.10+dfsg-2
 	[buster] - libxml2 <no-dsa> (Minor issue)
-	[stretch] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 (v2.9.10-rc1)
 CVE-2019-19955
@@ -131204,7 +131201,6 @@ CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers t
 	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
 	- libxml2 2.9.10+dfsg-2
 	[buster] - libxml2 <no-dsa> (Minor issue)
-	[stretch] - libxml2 <postponed> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
 CVE-2018-14566
@@ -131699,7 +131695,6 @@ CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:x
 	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
 	- libxml2 2.9.10+dfsg-2 (low; bug #901817)
 	[buster] - libxml2 <no-dsa> (Minor issue)
-	[stretch] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
@@ -145514,7 +145509,6 @@ CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows r
 	[experimental] - libxml2 2.9.7+dfsg-1
 	- libxml2 2.9.10+dfsg-2 (low; bug #895245)
 	[buster] - libxml2 <no-dsa> (Minor issue)
-	[stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
 	[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
@@ -197732,7 +197726,6 @@ CVE-2017-8873
 	RESERVED
 CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...)
 	- libxml2 2.9.4+dfsg1-6.1 (bug #862450)
-	[stretch] - libxml2 <no-dsa> (Minor issue)
 	[jessie] - libxml2 <no-dsa> (Minor issue)
 	[wheezy] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0976f9932ac0e4422aedb56147ff6c9937458f19

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0976f9932ac0e4422aedb56147ff6c9937458f19
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200909/ecd44a63/attachment.html>

More information about the debian-security-tracker-commits mailing list