[Git][security-tracker-team/security-tracker][master] Reserve DLA-2596-1 for shadow
Sylvain Beucler
beuc at debian.org
Wed Mar 17 12:43:39 GMT 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
208e4bad by Sylvain Beucler at 2021-03-17T13:42:41+01:00
Reserve DLA-2596-1 for shadow
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -226377,7 +226377,6 @@ CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before
NOTE: which becomes ineffective with a fixed git version itself.
CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...)
- shadow 1:4.5-1 (bug #756630)
- [stretch] - shadow <no-dsa> (Minor issue)
[jessie] - shadow <no-dsa> (Minor issue)
[wheezy] - shadow <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Mar 2021] DLA-2596-1 shadow - security update
+ {CVE-2017-12424 CVE-2017-20002}
+ [stretch] - shadow 1:4.4-4.1+deb9u1
[17 Mar 2021] DLA-2595-1 velocity - security update
{CVE-2020-13936}
[stretch] - velocity 1.7-5+deb9u1
=====================================
data/dla-needed.txt
=====================================
@@ -114,9 +114,6 @@ ruby-kaminari
--
salt (Utkarsh)
--
-shadow (Sylvain Beucler)
- NOTE: 20210316: found new CVE, discussing with secteam
---
shiro (Roberto C. Sánchez)
NOTE: 20200920: WIP
NOTE: 20200928: Still awaiting reponse to request for assistance sent to upstream dev list. (roberto)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/208e4bada27be34981136dca493ff99572f302d4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/208e4bada27be34981136dca493ff99572f302d4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210317/77c9a8e4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list