[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tagged entries for curl which got an update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 31 11:44:44 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19f5babd by Salvatore Bonaccorso at 2021-03-31T12:43:43+02:00
Remove no-dsa tagged entries for curl which got an update

- - - - -
b2476b53 by Salvatore Bonaccorso at 2021-03-31T12:44:06+02:00
Remove curl from dsa-needed as DSA released

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -81212,20 +81212,17 @@ CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow t
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977161)
-	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2020-8286.html
 	NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
 CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977162)
-	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2020-8285.html
 	NOTE: https://github.com/curl/curl/issues/6255
 	NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
 CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0  ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977163)
-	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2020-8284.html
 	NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
 CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...)
@@ -81362,7 +81359,6 @@ CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwi
 CVE-2020-8231 (Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can us ...)
 	{DLA-2382-1}
 	- curl 7.72.0-1 (bug #968831)
-	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
 	NOTE: https://github.com/curl/curl/pull/5824
 	NOTE: https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
@@ -81501,7 +81497,6 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18
 CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...)
 	{DLA-2295-1}
 	- curl 7.72.0-1 (bug #965281)
-	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
 	NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
 CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...)
@@ -81525,7 +81520,6 @@ CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6
 	NOT-FOR-US: AirMax AirOS
 CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure  ...)
 	- curl 7.72.0-1 (bug #965280)
-	[buster] - curl <no-dsa> (Minor issue)
 	[stretch] - curl <not-affected> (Vulnerable code introduced later)
 	[jessie] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html


=====================================
data/dsa-needed.txt
=====================================
@@ -17,8 +17,6 @@ condor
 chromium
   Package was prepared by Michel Le Bihan (already uploaded), needd review for DSA release
 --
-curl (ghedo)
---
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/181f199879bcf5afe56df80f6996927503512301...b2476b5300c0a0dbe2cedfb2aac1a6d62cb1472b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/181f199879bcf5afe56df80f6996927503512301...b2476b5300c0a0dbe2cedfb2aac1a6d62cb1472b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210331/4047c91a/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list