[Git][security-tracker-team/security-tracker][master] Update tracking of llvm-toolchain packages
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 2 06:23:23 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0468e9d4 by Salvatore Bonaccorso at 2021-02-02T07:22:41+01:00
Update tracking of llvm-toolchain packages
- - - - -
2 changed files:
- data/CVE/list
- data/packages/removed-packages
Changes:
=====================================
data/CVE/list
=====================================
@@ -97272,9 +97272,7 @@ CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsa
NOT-FOR-US: Android
CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...)
- llvm-toolchain-11 <undetermined>
- - llvm-toolchain-10 <undetermined>
- llvm-toolchain-9 <undetermined>
- - llvm-toolchain-8 <undetermined>
CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
- linux 5.4.13-1
[buster] - linux 4.19.98-1
@@ -145568,10 +145566,10 @@ CVE-2019-2212 (In poisson_distribution of random, there is an out of bounds read
- libc++ <removed>
[stretch] - libc++ <no-dsa> (Minor issue)
[jessie] - libc++ <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
- - llvm-toolchain-6.0 <unfixed>
+ - llvm-toolchain-6.0 <removed>
[buster] - llvm-toolchain-6.0 <ignored> (Minor issue)
[jessie] - llvm-toolchain-6.0 <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
- - llvm-toolchain-8 <unfixed>
+ - llvm-toolchain-8 <removed>
NOTE: https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
NOTE: https://android.googlesource.com/platform/external/libcxx/+/8260b5d56f6880a29b57f73b7f4866e47e9e4818
NOTE: https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a
=====================================
data/packages/removed-packages
=====================================
@@ -809,3 +809,4 @@ flashplugin-nonfree
golang-1.14
postgresql-12
python3.8
+llvm-toolchain-10
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0468e9d470d9f179c0feddaa007776a39d4a63c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0468e9d470d9f179c0feddaa007776a39d4a63c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210202/6368138d/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list