[Git][security-tracker-team/security-tracker][master] 2 commits: add wpa

Thorsten Alteholz alteholz at debian.org
Tue Feb 9 21:10:21 GMT 2021 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e646c9c5 by Thorsten Alteholz at 2021-02-09T22:09:57+01:00
add wpa

- - - - -
61d8ef4a by Thorsten Alteholz at 2021-02-09T22:09:59+01:00
mark CVE-2020-28493 as no-dsa for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23361,6 +23361,7 @@ CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs
 	TODO: check
 CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDO ...)
 	- jinja2 <unfixed>
+	[stretch] - jinja2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/pallets/jinja/pull/1343
 	NOTE: https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
 CVE-2020-28492


=====================================
data/dla-needed.txt
=====================================
@@ -93,6 +93,8 @@ spotweb
   NOTE: 20210122: Upstream fix trivially bypassed, reported under CVE-2021-3286
   NOTE: 20210127: Upstream says "we can fix this but it may take some time", revisit later (Beuc)
 --
+wpa (Thorsten Alteholz)
+--
 xcftools (Markus Koschany)
   NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle)
   NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting original patch



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b6fd78af933f83bc88285d87b8ecada90dd8364...61d8ef4a8498313fcb15bb6a6bfb2721b4e736df

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b6fd78af933f83bc88285d87b8ecada90dd8364...61d8ef4a8498313fcb15bb6a6bfb2721b4e736df
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210209/61c9a42b/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list