[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2020-6097 as no-dsa for Stretch

Thorsten Alteholz alteholz at debian.org
Mon Sep 21 09:39:25 BST 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79858139 by Thorsten Alteholz at 2020-09-21T10:38:51+02:00
mark CVE-2020-6097 as no-dsa for Stretch

- - - - -
aa681846 by Thorsten Alteholz at 2020-09-21T10:38:52+02:00
mark CVE-2020-24750 as no-dsa for Stretch

- - - - -
146a0e1b by Thorsten Alteholz at 2020-09-21T10:38:54+02:00
mark CVE-2020-24890 and CVE-2020-24889 as no-dsa for Stretch

- - - - -
cc8e1cf9 by Thorsten Alteholz at 2020-09-21T10:38:55+02:00
mark CVE-2020-10755 as no-dsa for all affected packages in Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1960,10 +1960,12 @@ CVE-2020-24891
 CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...)
 	- libraw <unfixed>
 	[buster] - libraw <no-dsa> (Minor issue)
+	[stretch] - libraw <no-dsa> (Minor issue)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/335
 CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...)
 	- libraw <unfixed>
 	[buster] - libraw <no-dsa> (Minor issue)
+	[stretch] - libraw <no-dsa> (Minor issue)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/334
 	NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee
 CVE-2020-24888
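Review bot: The new [stretch] line under CVE-2020-24890 copies the buster triage, yet the description names libraw 20.0 specifically, so the entry should record that the version shipped in stretch actually contains the affected parse_tiff code. If it does not, <not-affected> with a "Vulnerable code not present" reason would be more accurate than <no-dsa>. The same check applies to the CVE-2020-24889 line. That entry already links an upstream fix commit, so a NOTE on whether the fix applies to the stretch version would help later triage.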
@@ -2250,6 +2252,7 @@ CVE-2020-24751
 CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
 	- jackson-databind <unfixed>
 	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[stretch] - jackson-databind <no-dsa> (Minor issue)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
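Review bot: The [stretch] line reuses "Minor issue" without its own rationale, while the NOTE lines below it tie the mitigation to the 2.10 series and later. If the jackson-databind series in stretch predates 2.10, that mitigation does not cover it and the reason for treating the issue as minor there should be stated separately, for example in an added NOTE or a more specific parenthetical.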
@@ -35168,6 +35171,7 @@ CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder v
 	[jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS)
 	- python-os-brick 3.1.0-1 (low)
 	[buster] - python-os-brick <no-dsa> (Minor issue)
+	[stretch] - python-os-brick <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
 	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
 CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
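Review bot: The commit message says CVE-2020-10755 is marked no-dsa "for all affected packages in Stretch", but this hunk adds a [stretch] line only under python-os-brick, and the only cinder line in the visible context is the [jessie] end-of-life one. Confirm that a [stretch] - cinder entry already exists above the shown context, or add one, so that the commit message and the data agree.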
@@ -46857,6 +46861,7 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free
 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
 	- atftp <unfixed> (bug #970066)
 	[buster] - atftp <no-dsa> (Minor issue)
+	[stretch] - atftp <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
 	- glibc 2.31-2 (low; bug #961452)
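Review bot: On the added [stretch] - atftp line, "Minor issue" does not say why a denial of service in the atftpd daemon, still <unfixed> and tracked as bug #970066, is minor for stretch. A more specific parenthetical or a short NOTE giving the reasoning would make the decision auditable without having to open the Talos report.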



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aad7bd76a0dc857cd53395095200b3ded21afe1b...cc8e1cf98ac4db7a58d99aa4965d5008ced90838
