[Git][security-tracker-team/security-tracker][master] Reserve DLA-2927-1 for twisted

Sylvain Beucler (@beuc) beuc at debian.org
Sat Feb 19 15:59:54 GMT 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b83aaa91 by Sylvain Beucler at 2022-02-19T16:59:34+01:00
Reserve DLA-2927-1 for twisted

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -136622,14 +136622,12 @@ CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitt
 	{DLA-2145-1}
 	- twisted 18.9.0-7 (bug #953950)
 	[buster] - twisted <no-dsa> (Minor issue)
-	[stretch] - twisted <no-dsa> (Minor issue)
 	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
 	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
 	{DLA-2145-1}
 	- twisted 18.9.0-7 (bug #953950)
 	[buster] - twisted <no-dsa> (Minor issue)
-	[stretch] - twisted <no-dsa> (Minor issue)
 	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
 	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
 CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
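
Review bot: With the two `[stretch] - twisted <no-dsa> (Minor issue)` lines removed, the CVE-2020-10108 and CVE-2020-10109 entries still carry only `{DLA-2145-1}`, and nothing in this file ties them to DLA-2927-1. If that cross-reference line is not regenerated from data/DLA/list, add DLA-2927-1 to it so the stretch fix is visible from the CVE entries. The commit message could also say that the no-dsa triage for stretch is being dropped, since "Reserve" alone does not cover that.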


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Feb 2022] DLA-2927-1 twisted - security update
+	{CVE-2020-10108 CVE-2020-10109 CVE-2022-21712}
+	[stretch] - twisted 16.6.0-2+deb9u1
 [18 Feb 2022] DLA-2926-1 zsh - security update
 	{CVE-2021-45444}
 	[stretch] - zsh 5.3.1-4+deb9u5
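
Review bot: The new DLA-2927-1 entry lists CVE-2022-21712 next to CVE-2020-10108 and CVE-2020-10109, but the data/CVE/list changes in this commit touch only the two 2020 entries. Check whether the CVE-2022-21712 entry has a stretch annotation (no-dsa, postponed or similar) that should be removed in the same commit, so that it does not contradict the fix recorded here as twisted 16.6.0-2+deb9u1.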


=====================================
data/dla-needed.txt
=====================================
@@ -75,8 +75,6 @@ thunderbird (Emilio)
 --
 tiff (Thorsten Alteholz)
 --
-twisted (Sylvain Beucler)
---
 ujson (Anton)
   NOTE: 20220121: please reheck, at least the mentioned function is available in Stretch
   NOTE: 20220206: https://salsa.debian.org/lts-team/packages/ujson Investigating, whether affected or not (Anton)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b83aaa9196e69c3ef453453a1639f617684484d2
