[Git][security-tracker-team/security-tracker][master] Reserve DLA-2388-1 for nss

Tue Sep 29 15:28:56 BST 2020


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8648affb by Adrian Bunk at 2020-09-29T17:28:20+03:00
Reserve DLA-2388-1 for nss

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -86845,7 +86845,6 @@ CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentat
 	[stretch] - thunderbird 1:60.8.0-1~deb9u1
 	- nss 2:3.45-1
 	[buster] - nss 2:3.42.1-1+deb10u1
-	[stretch] - nss <no-dsa> (Minor issue)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729
@@ -86898,7 +86897,6 @@ CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with lea
 	[stretch] - thunderbird 1:60.8.0-1~deb9u1
 	- nss 2:3.45-1
 	[buster] - nss 2:3.42.1-1+deb10u1
-	[stretch] - nss <no-dsa> (Minor issue)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Sep 2020] DLA-2388-1 nss - security update
+	{CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-11729 CVE-2019-11745 CVE-2019-17006 CVE-2019-17007 CVE-2020-6829 CVE-2020-12399 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403}
+	[stretch] - nss 2:3.26.2-1.1+deb9u2
 [28 Sep 2020] DLA-2387-1 firefox-esr - security update
 	{CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678}
 	[stretch] - firefox-esr 78.3.0esr-1~deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -100,10 +100,6 @@ mumble
   NOTE: 20200504: discussion going on with team at security.debian.org and mumble maintainer (abhijith)
   NOTE: 20200723: https://lists.debian.org/debian-lts/2020/05/msg00008.html (abhijith)
 --
-nss (Adrian Bunk)
-  NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
-  NOTE: 20200928: testing fixed package (bunk)
---
 open-build-service (Utkarsh Gupta)
   NOTE: 20200928: in touch with upstream - still figuring out the best way to backport. (utkarsh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8648affbd980e753a09cb82026634d2c33a3a032

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8648affbd980e753a09cb82026634d2c33a3a032
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200929/c4d69244/attachment-0001.html>
