[Git][security-tracker-team/security-tracker][master] Postpone CVE-2021-42917 for stretch

[Adrian Bunk (@bunk)]

Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5ffd413 by Adrian Bunk at 2021-11-21T21:22:14+02:00
Postpone CVE-2021-42917 for stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4767,6 +4767,7 @@ CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows at
 	- kodi 2:19.3+dfsg1-1 (bug #998419)
 	[bullseye] - kodi <no-dsa> (Minor issue)
 	[buster] - kodi <no-dsa> (Minor issue)
+	[stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
 	- xbmc <removed>
 	NOTE: https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
 	NOTE: https://github.com/xbmc/xbmc/issues/20305


=====================================
data/dla-needed.txt
=====================================
@@ -48,8 +48,6 @@ gpac (Roberto C. Sánchez)
   NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto)
   NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto)
 --
-kodi (Adrian Bunk)
---
 libgit2 (Utkarsh)
   NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
   NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5ffd41309bff2d509ef6bb600a2032a360f8fa5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5ffd41309bff2d509ef6bb600a2032a360f8fa5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211121/6e4db100/attachment.htm>