[Git][security-tracker-team/security-tracker][master] Reserve DLA-2856-1 for okular
Adrian Bunk (@bunk)
bunk at debian.org
Mon Dec 27 20:31:28 GMT 2021
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8bbc9c4a by Adrian Bunk at 2021-12-27T22:31:15+02:00
Reserve DLA-2856-1 for okular
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -126240,7 +126240,6 @@ CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link
{DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
[buster] - okular 4:17.12.2-2.2+deb10u1
- [stretch] - okular <no-dsa> (Minor issue)
NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
NOTE: https://kde.org/info/security/advisory-20200312-1.txt
NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
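Review bot: the `{DLA-2159-1}` cross-reference at the top of the CVE-2020-9359 entry is left unchanged while the `[stretch] - okular <no-dsa> (Minor issue)` line is dropped, so within data/CVE/list the entry no longer carries any stretch status and does not mention DLA-2856-1. If that cross-reference line is not regenerated from data/DLA/list by tooling, add DLA-2856-1 to it in this hunk so the CVE entry and the new DLA entry stay in agreement.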
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Dec 2021] DLA-2856-1 okular - security update
+ {CVE-2020-9359}
+ [stretch] - okular 4:16.08.2-1+deb9u2
[27 Dec 2021] DLA-2855-1 monit - security update
{CVE-2019-11454 CVE-2019-11455}
[stretch] - monit 1:5.20.0-6+deb9u2
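Review bot: nothing in the added DLA-2856-1 entry or in the commit subject records why CVE-2020-9359, triaged for stretch as `<no-dsa> (Minor issue)` until this commit, now gets an update at `4:16.08.2-1+deb9u2`. A short NOTE on the CVE entry or a line in the commit body would let later readers follow the change of triage.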
=====================================
data/dla-needed.txt
=====================================
@@ -80,8 +80,6 @@ nvidia-graphics-drivers (Markus Koschany)
NOTE: nvidia-graphics-drivers-legacy-390xx but will ask for more testing on the lts
NOTE: mailing list tomorrow (apo)
--
-okular (Adrian Bunk)
---
paramiko (Utkarsh)
NOTE: 20211227: CVE-2018-7750 and CVE-2018-1000805 were fixed in DLA-1556-1
NOTE: 20211227: in jessie but are unfixed in stretch (bunk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bbc9c4ab1f855fd17bc74603f1a16125f73752a