[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-25638,libhibernate3-java: Fixed in unstable

Sun Jan 3 20:46:53 GMT 2021


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f05056ed by Markus Koschany at 2021-01-03T21:45:43+01:00
CVE-2020-25638,libhibernate3-java: Fixed in unstable

- - - - -
025649c3 by Markus Koschany at 2021-01-03T21:46:43+01:00
Reserve DLA-2512-1 for libhibernate3-java

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19380,7 +19380,7 @@ CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html
 CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and including  ...)
-	- libhibernate3-java <unfixed>
+	- libhibernate3-java 3.6.10.Final-11
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353
 	NOTE: Fixed by https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78
 CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Jan 2021] DLA-2512-1 libhibernate3-java - security update
+	{CVE-2020-25638}
+	[stretch] - libhibernate3-java 3.6.10.Final-6+deb9u1
 [30 Dec 2020] DLA-2511-1 highlight.js - security update
 	{CVE-2020-26237}
 	[stretch] - highlight.js 8.2+ds-5+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -73,9 +73,6 @@ intel-microcode
   NOTE: 20201122: Utkarsh will upload once its confirmed that there is no regression
   NOTE: 20201122: and is actively tracking it. (utkarsh)
 --
-libhibernate3-java (Markus Koschany)
-  NOTE: 20201115: No patch yet; unsure if version in LTS is vulnerable. (lamby)
---
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aefa9b1ddc628526f19e14870474d9863e29c915...025649c3b08ee912161a0297a7002ba1676fb94a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aefa9b1ddc628526f19e14870474d9863e29c915...025649c3b08ee912161a0297a7002ba1676fb94a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210103/a9f39b0e/attachment.html>
