[Git][security-tracker-team/security-tracker][master] Reserve DLA-2527-1 for snapd
Brian May
bam at debian.org
Sun Jan 17 21:17:54 GMT 2021
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17c1f2b5 by Brian May at 2021-01-18T08:17:41+11:00
Reserve DLA-2527-1 for snapd
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Jan 2021] DLA-2527-1 snapd - security update
+ {CVE-2019-11840}
+ [stretch] - snapd 2.21-2+deb9u1
[15 Jan 2021] DLA-2526-1 ruby-redcarpet - security update
{CVE-2020-26298}
[stretch] - ruby-redcarpet 3.3.4-2+deb9u1
=====================================
data/dla-needed.txt
=====================================
@@ -124,11 +124,6 @@ slirp (pu-Thorsten Alteholz)
NOTE: update has to done in sid->buster->stretch
NOTE: 20200401: waiting for pu
--
-snapd (Brian May)
- NOTE: Needs rebuild for CVE-2019-11840 in golang-go.crypto.
- NOTE: Problems with upload.
- NOTE: 2020-01-13 Still waiting for response from ftp-master.
---
spotweb
NOTE: 20201220: The affected code (PHP!) uses string concatenation to construct a SQL query.
NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c1f2b550eb4e91ddea88edaab75c55f2d5ecd5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c1f2b550eb4e91ddea88edaab75c55f2d5ecd5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210117/cd99200a/attachment.html>
More information about the debian-security-tracker-commits
mailing list