[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2021-21240 as no-dsa for Stretch
Thorsten Alteholz
alteholz at debian.org
Sun Feb 14 23:00:22 GMT 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2272d003 by Thorsten Alteholz at 2021-02-14T23:29:42+01:00
mark CVE-2021-21240 as no-dsa for Stretch
- - - - -
db9e2ce0 by Thorsten Alteholz at 2021-02-14T23:43:49+01:00
add openvswitch
- - - - -
c0b7c3e0 by Thorsten Alteholz at 2021-02-14T23:46:43+01:00
mark CVE-2020-35572 as not-affected for Stretch
- - - - -
21c5bf2e by Thorsten Alteholz at 2021-02-14T23:58:41+01:00
add adminer
- - - - -
c256b47b by Thorsten Alteholz at 2021-02-14T23:59:58+01:00
add golang-github-appc-cni
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14468,6 +14468,7 @@ CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding secur
NOTE: https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f (3.4.5)
CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In httplib ...)
- python-httplib2 <unfixed> (bug #982738)
+ [stretch] - python-httplib2 <no-dsa> (Minor issue)
NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
NOTE: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc (v0.19.0)
NOTE: https://github.com/httplib2/httplib2/pull/182
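Review bot: the added `[stretch] - python-httplib2 <no-dsa> (Minor issue)` line records no reason why the issue is minor for Stretch. The surrounding NOTE lines only link the upstream advisory, the fix commit and the pull request; a short NOTE stating the basis for the no-dsa decision would let a later triager re-check it without rereading the advisory.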
@@ -14948,6 +14949,7 @@ CVE-2020-35574
RESERVED
CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to the defa ...)
- adminer 4.7.9-1
+ [stretch] - adminer <not-affected> (Vulnerable code introduced in v4.7.0)
NOTE: https://sourceforge.net/p/adminer/bugs-and-features/775/
NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-9pgx-gcph-mpqr
NOTE: https://github.com/vrana/adminer/commit/5c395afc098e501be3417017c6421968aac477bd (v4.7.9)
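Review bot: the `<not-affected> (Vulnerable code introduced in v4.7.0)` annotation on the new `[stretch]` line is not backed by any reference. The NOTE lines point only at the bug report, the advisory and the v4.7.9 fix commit; adding a NOTE with the commit that introduced the vulnerable handling of the history parameter would make the claim verifiable.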
=====================================
data/dla-needed.txt
=====================================
@@ -15,6 +15,9 @@ rather than remove/replace existing ones.
--
activemq (Abhijith PA)
--
+adminer
+ NOTE: probably Chris wants to take this package as maintainer/sponsor
+--
ansible (Markus Koschany)
--
busybox (Markus Koschany)
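Review bot: the new `adminer` entry does not say which issue needs a DLA, while the same push marks CVE-2020-35572 as `<not-affected>` for Stretch in data/CVE/list. Naming the open CVE(s) in the NOTE would keep the entry from being read as referring to that one. The NOTE also lacks the date prefix used by the other notes visible in this file (`NOTE: 20201207: ...`), and "Chris" is ambiguous without a surname or handle.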
@@ -44,6 +47,8 @@ dnsmasq (Utkarsh)
firmware-nonfree
NOTE: 20201207: wait for the update in buster and backport that (Emilio)
--
+golang-github-appc-cni (Thorsten Alteholz)
+--
libebml (Thorsten Alteholz)
--
libzstd (Utkarsh)
@@ -61,6 +66,8 @@ openldap (Uktarsh)
NOTE: 20210215: update ready at https://salsa.debian.org/openldap-team/openldap/-/commits/stretch.
NOTE: 20210215: waiting to see if anything else comes up. (utkarsh)
--
+openvswitch (Thorsten Alteholz)
+--
php-horde-text-filter
-
python-pysaml2 (Abhijith PA)
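Review bot: the header context of this hunk shows `openldap (Uktarsh)`, while the same claimant is spelled `Utkarsh` on the dnsmasq and libzstd entries and in the openldap NOTE itself. Since this push edits the adjacent lines, correcting the spelling here would let a search by claimant find the openldap entry.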
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/68a01cf6c22ec5d222c3365bb84ee94a13ab31a2...c256b47bd5d1f064e8869f0c5f0e752aabfc75db