[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-2770-1 for weechat

Thu Sep 30 13:13:00 BST 2021


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7547195e by Adrian Bunk at 2021-09-30T13:49:47+03:00
Reserve DLA-2770-1 for weechat

- - - - -
dd5a5a27 by Adrian Bunk at 2021-09-30T15:11:21+03:00
dla: take taglib

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -109593,13 +109593,11 @@ CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are
 	{DLA-2157-1}
 	- weechat 2.7.1-1
 	[buster] - weechat <no-dsa> (Minor issue)
-	[stretch] - weechat <no-dsa> (Minor issue)
 	NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
 CVE-2020-9759 (A Vulnerability of LG Electronic web OS TV Emulator could allow an att ...)
 	{DLA-2157-1}
 	- weechat 2.7.1-1
 	[buster] - weechat <no-dsa> (Minor issue)
-	[stretch] - weechat <no-dsa> (Minor issue)
 	NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
 CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
 	NOT-FOR-US: LiveZilla Live Chat
@@ -111518,7 +111516,6 @@ CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat thro
 	{DLA-2157-1}
 	- weechat 2.7.1-1 (bug #951289)
 	[buster] - weechat <no-dsa> (Minor issue)
-	[stretch] - weechat <no-dsa> (Minor issue)
 	NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
 CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link  ...)
 	NOT-FOR-US: OpenSearch Web browser


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Sep 2021] DLA-2770-1 weechat - security update
+	{CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516}
+	[stretch] - weechat 1.6-1+deb9u3
 [29 Sep 2021] DLA-2769-1 libxstream-java - security update
 	{CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154}
 	[stretch] - libxstream-java 1.4.11.1-1+deb9u4


=====================================
data/dla-needed.txt
=====================================
@@ -106,7 +106,7 @@ smarty3
 squashfs-tools (Thorsten Alteholz)
   NOTE: 20210926: coordinate with upload to other releases
 --
-tiff (Utkarsh)
+taglib (Adrian Bunk)
 --
-weechat (Adrian Bunk)
+tiff (Utkarsh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54ab6f37f51636e082de1438ea4f5cdc6054fece...dd5a5a27768b29b5a977eb58ed8e5ef45e498f06

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54ab6f37f51636e082de1438ea4f5cdc6054fece...dd5a5a27768b29b5a977eb58ed8e5ef45e498f06
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210930/95fef467/attachment.htm>
