[Git][security-tracker-team/security-tracker][master] Reserve DLA-2596-1 for shadow

Sylvain Beucler beuc at debian.org
Wed Mar 17 12:43:39 GMT 2021



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
208e4bad by Sylvain Beucler at 2021-03-17T13:42:41+01:00
Reserve DLA-2596-1 for shadow

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -226377,7 +226377,6 @@ CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before
 	NOTE: which becomes ineffective with a fixed git version itself.
 CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...)
 	- shadow 1:4.5-1 (bug #756630)
-	[stretch] - shadow <no-dsa> (Minor issue)
 	[jessie] - shadow <no-dsa> (Minor issue)
 	[wheezy] - shadow <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Mar 2021] DLA-2596-1 shadow - security update
+	{CVE-2017-12424 CVE-2017-20002}
+	[stretch] - shadow 1:4.4-4.1+deb9u1
 [17 Mar 2021] DLA-2595-1 velocity - security update
 	{CVE-2020-13936}
 	[stretch] - velocity 1.7-5+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -114,9 +114,6 @@ ruby-kaminari
 --
 salt (Utkarsh)
 --
-shadow (Sylvain Beucler)
-  NOTE: 20210316: found new CVE, discussing with secteam
---
 shiro (Roberto C. Sánchez)
   NOTE: 20200920: WIP
   NOTE: 20200928: Still awaiting reponse to request for assistance sent to upstream dev list. (roberto)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/208e4bada27be34981136dca493ff99572f302d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/208e4bada27be34981136dca493ff99572f302d4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210317/77c9a8e4/attachment.htm>


More information about the debian-security-tracker-commits mailing list