[Git][security-tracker-team/security-tracker][master] 3 commits: lts: CVE-2020-16044/thunderbird postponed in stretch

Emilio Pozuelo Monfort pochu at debian.org
Fri Jan 15 10:08:19 GMT 2021



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f21f862 by Emilio Pozuelo Monfort at 2021-01-15T11:07:55+01:00
lts: CVE-2020-16044/thunderbird postponed in stretch

- - - - -
c58d910b by Emilio Pozuelo Monfort at 2021-01-15T11:07:55+01:00
lts: triage CVE-2020-26298/ruby-redcarpet

- - - - -
7209eb4d by Emilio Pozuelo Monfort at 2021-01-15T11:07:56+01:00
lts: CVE-2021-21261/flatpak n/a in stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2175,6 +2175,7 @@ CVE-2021-24122 (When serving resources from a network location using the NTFS fi
 CVE-2021-21261 (Flatpak is a system for building, distributing, and running sandboxed  ...)
 	{DSA-4830-1}
 	- flatpak 1.8.5-1
+	[stretch] - flatpak <not-affected> (app portal introduced in 0.11.4)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
 	NOTE: Fixed by:
 	NOTE: https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486
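Review bot: The justification on the new `[stretch] - flatpak <not-affected> (app portal introduced in 0.11.4)` line names only the version that introduced the component. It neither says that the vulnerable code is absent from the stretch package nor points at evidence for the 0.11.4 boundary. Consider wording it as "Vulnerable code not present, app portal introduced in 0.11.4" and adding a NOTE with the introducing commit, parallel to the existing "NOTE: Fixed by:" reference, so the not-affected status can be re-verified without re-doing the analysis.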
@@ -47444,6 +47445,7 @@ CVE-2020-16044
 	- firefox-esr 78.6.1esr-1
 	- thunderbird <unfixed>
 	[buster] - thunderbird <postponed> (Minor issue, wait until next Mozilla security cycle)
+	[stretch] - thunderbird <postponed> (Minor issue, wait until next Mozilla security cycle)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/#CVE-2020-16044
 CVE-2020-16043 (Insufficient data validation in networking in Google Chrome prior to 8 ...)
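Review bot: The new `[stretch] - thunderbird <postponed>` line copies the buster reason verbatim, and nothing in the entry backs up "Minor issue": the two NOTE lines are only advisory links, while the same CVE already has a fixed version for firefox-esr (78.6.1esr-1). A short NOTE stating why the issue is minor for thunderbird would make the postponement auditable. "next Mozilla security cycle" also gives no version or date, so nothing in the entry signals when it should be revisited while thunderbird is still `<unfixed>`.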


=====================================
data/dla-needed.txt
=====================================
@@ -112,6 +112,8 @@ ruby-kaminari
   NOTE: 20201009: This (↑) is an app-level patch for a rails app. A library-level patch
   NOTE: 20201009: will needed to be written. Opened an issue at upstream, though somewhat inactive. (utkarsh)
 --
+ruby-redcarpet (Utkarsh)
+--
 shiro (Roberto C. Sánchez)
   NOTE: 20200920: WIP
   NOTE: 20200928: Still awaiting reponse to request for assistance sent to upstream dev list. (roberto)
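Review bot: The added `ruby-redcarpet (Utkarsh)` entry has no NOTE saying which issue it is for, and although the commit message names CVE-2020-26298, none of the data/CVE/list hunks shown in this push touch an entry for that CVE. Consider adding a dated NOTE in the style of the neighbouring entries that names CVE-2020-26298, and confirm the triage result is recorded in data/CVE/list. The claimant is also written "(Utkarsh)" here while the notes just above sign as "(utkarsh)"; pick one form so searching the file by claimant stays reliable.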



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a53fa4eb0f2bcacedf475e50e0f6c4e0075e5370...7209eb4dbf77f64c75b93c186475b99dfc8f1d01





More information about the debian-security-tracker-commits mailing list