[Git][security-tracker-team/security-tracker][master] stretch triage
Abhijith PA
abhijith at debian.org
Sun Mar 7 20:12:07 GMT 2021
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a055a404 by Abhijith PA at 2021-03-08T01:41:45+05:30
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6569,6 +6569,7 @@ CVE-2021-25289
RESERVED
- pillow 8.1.1-1
[buster] - pillow <not-affected> (Vulnerable code not present)
+ [stretch] - pillow <not-affected> (Vulnerable code not present)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
CVE-2021-25288
RESERVED
@@ -66338,10 +66339,12 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
NOTE: CVE is closely related to CVE-2020-1957.
CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
- xmlgraphics-commons <unfixed>
- TODO: check fixing commits
+ [stretch] - xmlgraphics-commons <no-dsa> (Minor issue)
+ NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183.patch
CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...)
- batik <unfixed>
- TODO: check fixing commits
+ [stretch] - batik <no-dsa> (Minor issue)
+ NOTE: https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6.patch
CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...)
- netbeans 12.1-1
[stretch] - netbeans <no-dsa> (Minor issue)
=====================================
data/dla-needed.txt
=====================================
@@ -74,6 +74,10 @@ opendmarc
--
php-pear (Ola Lundqvist)
--
+pillow (Abhijith PA)
+--
+privoxy (Abhijith PA)
+--
python3.5
NOTE: 20210217: Fairly invasive change, changing/augmenting API of standard library. (lamby)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a055a404512e4d2636a4736f870d7325fb6842ba
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a055a404512e4d2636a4736f870d7325fb6842ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210307/7cd0e64b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list