[Git][security-tracker-team/security-tracker][master] 6 commits: add python-pysaml2

Thorsten Alteholz alteholz at debian.org
Fri Jan 22 23:48:33 GMT 2021 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a58bf32f by Thorsten Alteholz at 2021-01-23T00:48:13+01:00
add python-pysaml2

- - - - -
feb20eae by Thorsten Alteholz at 2021-01-23T00:48:14+01:00
mark CVE-2020-35652 as no-dsa for Stretch

- - - - -
07c34afb by Thorsten Alteholz at 2021-01-23T00:48:14+01:00
add ffmpeg

- - - - -
d22fd091 by Thorsten Alteholz at 2021-01-23T00:48:16+01:00
mark CVE-2021-3028 as no-dsa for Stretch

- - - - -
42ea5ef3 by Thorsten Alteholz at 2021-01-23T00:48:17+01:00
mark CVE-2021-20190 as no-dsa for Stretch

- - - - -
63a4a42f by Thorsten Alteholz at 2021-01-23T00:48:18+01:00
mark CVE-2020-29443 as postponed for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6974,6 +6974,7 @@ CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Ima
 CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a branch name, ...)
 	- git-big-picture 1.0.0-1
 	[buster] - git-big-picture <no-dsa> (Minor issue)
+	[stretch] - git-big-picture <no-dsa> (Minor issue)
 	NOTE: https://github.com/git-big-picture/git-big-picture/pull/62
 CVE-2021-22696
 	RESERVED
@@ -10755,6 +10756,7 @@ CVE-2020-35652 [remote crash in res_pjsip_diversion]
 	RESERVED
 	- asterisk 1:16.15.1~dfsg-1 (bug #979372)
 	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29191
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29219
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003.html
@@ -13559,6 +13561,7 @@ CVE-2021-20191
 CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...)
 	- jackson-databind 2.12.1-1
 	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[stretch] - jackson-databind <no-dsa> (Minor issue)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -17344,6 +17347,7 @@ CVE-2020-29444
 CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...)
 	- qemu <unfixed>
 	[buster] - qemu <postponed> (Fix along in future DSA)
+	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/18/2


=====================================
data/dla-needed.txt
=====================================
@@ -42,6 +42,8 @@ f2fs-tools (Abhijith PA)
   NOTE: 20200815: About CVE-2020-6070. The fix got introduced between 1.12.0 and 1.13.0, but it is not trivial to
   NOTE: 20200815: to detect which of the patches correlates to the CVE. Contacting upstream might be necessary. (sunweaver)
 --
+ffmpeg
+--
 firmware-nonfree
   NOTE: 20201207: wait for the update in buster and backport that (Emilio)
 --
@@ -84,6 +86,8 @@ openjpeg2 (Thorsten Alteholz)
   NOTE: 20201220: more CVEs appeared
   NOTE: 20210117: testing package
 --
+python-pysaml2
+--
 ruby-actionpack-page-caching (Brian May)
   NOTE: 20200819: Upstream's patch on does not apply due to subsequent
   NOTE: 20200819: refactoring. However, a quick look at the private



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4b48072a41d14e67afd90a5f8948b8270a290cdd...63a4a42f5df8fc3030ad1422c54ef7cee6932367

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4b48072a41d14e67afd90a5f8948b8270a290cdd...63a4a42f5df8fc3030ad1422c54ef7cee6932367
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210122/4c5d239a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list