[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2020-28463 in python-reportlab for stretch LTS.
Chris Lamb
lamby at debian.org
Sat Feb 20 10:16:26 GMT 2021
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c03f63c2 by Chris Lamb at 2021-02-20T10:09:01+00:00
Triage CVE-2020-28463 in python-reportlab for stretch LTS.
- - - - -
dc717581 by Chris Lamb at 2021-02-20T10:11:01+00:00
Triage CVE-2021-27138 and CVE-2021-27097 for u-boot for stretch LTS.
- - - - -
86db49ac by Chris Lamb at 2021-02-20T10:12:00+00:00
Triage CVE-2021-26717 in asterisk for stretch LTS.
- - - - -
69977b5e by Chris Lamb at 2021-02-20T10:13:42+00:00
data/dla-needed.txt: Triage jackson-dataformat-cbor for stretch LTS (CVE-2020-28491).
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -800,6 +800,7 @@ CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2
CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...)
- u-boot <unfixed>
[buster] - u-boot <no-dsa> (Minor issue)
+ [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
@@ -892,6 +893,7 @@ CVE-2021-27098
CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
- u-boot <unfixed>
[buster] - u-boot <no-dsa> (Minor issue)
+ [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
@@ -1753,6 +1755,7 @@ CVE-2021-26718
CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...)
- asterisk <unfixed> (bug #983157)
[buster] - asterisk <not-affected> (Introduced in 16.15.0)
+ [stretch] - asterisk <not-affected> (Introduced in 16.15.0)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
CVE-2021-26716
RESERVED
@@ -24928,6 +24931,7 @@ CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the sc
CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...)
- python-reportlab <unfixed>
[buster] - python-reportlab <no-dsa> (Minor issue)
+ [stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
CVE-2020-28462
RESERVED
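Review bot: the reason on the added [stretch] line for python-reportlab drops the severity wording that the [buster] line directly above records ("Minor issue") and that the two u-boot entries in this same push keep ("Minor issue; can be fixed in next DLA"). If the assessment is the same, write it as "(Minor issue; can be fixed in next DLA)" so a reader scanning postponed entries sees why the fix was deferred and not only that it was.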
=====================================
data/dla-needed.txt
=====================================
@@ -60,6 +60,8 @@ golang-gogoprotobuf
guacamole-server
NOTE: 20210217: Note may affect guacamole-client too (see note on security tracker). (lamby)
--
+jackson-dataformat-cbor
+--
libebml (Thorsten Alteholz)
--
libzstd (Utkarsh)
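Review bot: the new jackson-dataformat-cbor entry carries no NOTE line, so the CVE that prompted it (CVE-2020-28491) is recorded only in the commit message and not in data/dla-needed.txt itself. The guacamole-server entry just above shows the convention of a dated NOTE with the author's handle; a similar line naming the CVE would tell whoever claims the package what to look at. This push also has no matching hunk for that CVE in data/CVE/list, so it is worth confirming that the stretch status there is already in the state this entry implies.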
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8347d115940b73610d69cd2c0b6e9cdebf247666...69977b5ec822a857a0ffec76a8bf3ab46c3b1ee2