[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags for upcoming busybox update in Stretch.

Markus Koschany apo at debian.org
Mon Feb 15 11:04:50 GMT 2021 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97b30da4 by Markus Koschany at 2021-02-15T12:04:28+01:00
Remove no-dsa tags for upcoming busybox update in Stretch.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -171418,7 +171418,6 @@ CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Ha
 CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ...)
 	{DLA-1445-1}
 	- busybox 1:1.27.2-3 (low; bug #902724)
-	[stretch] - busybox <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
 CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper N ...)
 	NOT-FOR-US: Galaxy Project Galaxy
@@ -209880,7 +209879,6 @@ CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.
 CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...)
 	{DLA-1445-1}
 	- busybox 1:1.27.2-2 (bug #882258)
-	[stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
 	NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
@@ -211972,7 +211970,6 @@ CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an
 CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2. ...)
 	{DLA-1445-1}
 	- busybox 1:1.27.2-2 (bug #879732)
-	[stretch] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431
@@ -282744,13 +282741,11 @@ CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated user
 CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox befo ...)
 	{DLA-1445-1}
 	- busybox 1:1.27.2-1 (bug #818497)
-	[stretch] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
 CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0  ...)
 	{DLA-1445-1}
 	- busybox 1:1.27.2-1 (bug #818499)
-	[stretch] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
 CVE-2016-2146 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...)
@@ -291784,7 +291779,6 @@ CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti
 CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox befor ...)
 	{DLA-1445-1 DLA-337-1}
 	- busybox 1:1.27.2-1 (bug #803097)
-	[stretch] - busybox <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2015/10/25/3
 	NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
 	NOTE: https://git.busybox.net/busybox/commit/archival/libarchive/decompress_gunzip.c?id=6bd3fff51aa74e2ee2d87887b12182a3b09792ef
@@ -298773,7 +298767,6 @@ CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password o
 CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
 	{DLA-1445-1}
 	- busybox 1:1.27.2-1 (bug #802702)
-	[stretch] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox <no-dsa> (Minor issue)
 CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97b30da442d534491ad63dd997c940644196e822

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97b30da442d534491ad63dd997c940644196e822
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210215/7c9163ed/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list