[Git][security-tracker-team/security-tracker][master] 4 commits: add ruby-gon
Thorsten Alteholz
alteholz at debian.org
Thu Sep 24 14:17:42 BST 2020
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
adc3b7ef by Thorsten Alteholz at 2020-09-24T15:09:19+02:00
add ruby-gon
- - - - -
f8454d9b by Thorsten Alteholz at 2020-09-24T15:11:45+02:00
mark CVE-2020-11986 as no-dsa for Stretch
- - - - -
26cf0ecd by Thorsten Alteholz at 2020-09-24T15:13:36+02:00
add brotli
- - - - -
4088557d by Thorsten Alteholz at 2020-09-24T15:17:17+02:00
mark CVE-2020-5421 as no-dsa for Stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -31111,6 +31111,7 @@ CVE-2020-11987
RESERVED
CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...)
- netbeans <unfixed>
+ [stretch] - netbeans <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...)
- apache2 2.4.25-1
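Review bot: The added `[stretch] - netbeans <no-dsa> (Minor issue)` line gives no reason why the issue is minor on stretch. The truncated description says build scripts need to be executed to analyze gradle projects, so a short NOTE under the entry recording why that does not warrant a DSA for the stretch package would let a later reader verify the triage without re-reading the oss-security post.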
@@ -48946,6 +48947,7 @@ CVE-2020-5422
RESERVED
CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
- libspring-java <unfixed>
+ [stretch] - libspring-java <no-dsa> (Minor issue)
NOTE: https://tanzu.vmware.com/security/cve-2020-5421
CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
NOT-FOR-US: Cloud Foundry
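Review bot: The added `[stretch] - libspring-java <no-dsa> (Minor issue)` line does not record whether the stretch version falls in an affected range. The visible description lists 5.2.0 - 5.2.8, 5.1.0 - 5.1.17 and a truncated 5.0.x range, and the unversioned line stays `<unfixed>`. A NOTE stating which stretch version was checked and why the impact is minor there would make the decision reviewable.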
=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,8 @@ ark
NOTE: 20200907: patch https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes (abhijith)
NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible with the old architecture (abhijith)
--
+brotli
+--
cacti
NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith)
NOTE: 20200620: WIP (abhijith)
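Review bot: The new `brotli` entry carries no NOTE naming the issue that prompted it, and none of the data/CVE/list changes in this push mention brotli. A dated `NOTE:` line with the CVE id, in the style of the neighbouring ark and cacti entries, would save whoever claims the package a lookup.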
@@ -151,6 +153,8 @@ ruby-doorkeeper
NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with this update. (utkarsh)
NOTE: 20200831: more investigation needed. (utkarsh)
--
+ruby-gon
+--
ruby-json-jwt (Utkarsh)
NOTE: 20200914: testing against the new reproducer. (utkarsh)
--
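Review bot: The new `ruby-gon` entry, like the commit message "add ruby-gon", does not say which issue makes the package a DLA candidate. Adding a dated `NOTE:` with the CVE id, as the ruby-doorkeeper and ruby-json-jwt entries around it do for their status, would tie the entry to its tracker record.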
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dc5df5ddd4919489c57865ce2efca94dd031b894...4088557d524f97528fbd28fb18ca79311b3f66d5