[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2020-25073/plinth as not-affected in stretch.
Chris Lamb (@lamby)
lamby at debian.org
Tue Jun 21 09:42:27 BST 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
231095f4 by Chris Lamb at 2022-06-21T09:42:01+01:00
Mark CVE-2020-25073/plinth as not-affected in stretch.
- - - - -
93bf53e5 by Chris Lamb at 2022-06-21T09:42:02+01:00
Mark CVE-2021-XXXX/plinth as ignored for stretch LTS; not possible to backport fix due to Django compat.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -83517,7 +83517,7 @@ CVE-2021-XXXX [first_boot: Use session to verify first boot welcome step]
- freedombox 21.4.2
- plinth <removed>
[buster] - plinth 19.1+deb10u2
- [stretch] - plinth <no-dsa> (Minor issue)
+ [stretch] - plinth <ignored> (Minor issue; Not possible to backport fix due to cookie/session support)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2074
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/f2005f56aa44d15c0fb82c5211c548a575961b03
CVE-2021-29273
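Review bot: The new `[stretch]` annotation gives the reason as "cookie/session support", while the commit message for the same change says "Django compat"; the two should agree, and the annotation is the text that stays in the tracker. Since the entry title already says the fix uses the session to verify the first boot step, suggest the note name the missing piece directly, for example that the session handling used by commit f2005f56 is not available with the Django in stretch.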
@@ -125717,7 +125717,7 @@ CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to e
CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...)
- plinth 20.14
[buster] - plinth 19.1+deb10u1
- [stretch] - plinth <no-dsa> (Minor issue)
+ [stretch] - plinth <not-affected> (in-depth Apache integration added in 0.15.2)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2
CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...)
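Review bot: On the `<not-affected>` line, the justification "in-depth Apache integration added in 0.15.2" does not say which plinth version stretch carries, so a reader cannot confirm from the entry alone that stretch predates 0.15.2. Suggest adding the stretch version to the note, or wording it as "Vulnerable code not present; Apache integration introduced in 0.15.2".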
=====================================
data/dla-needed.txt
=====================================
@@ -228,10 +228,6 @@ pdns
php-horde-turba
NOTE: 20220603: Programming language: PHP.
--
-plinth (Chris Lamb)
- NOTE: 20220529: Programming language: Python.
- NOTE: 20220524: Follow buster: harmonize with with Debian 10.7 and 10.10 (2 CVEs) (Beuc/front-desk)
---
postgresql-9.6 (Roberto C. Sánchez)
NOTE: 20220529: Programming language: C.
NOTE: 20220523: cf. DSA-5135-1/DSA-5136-1 (Beuc/front-desk)
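Review bot: The removed plinth entry refers to "2 CVEs" without naming them, so dropping it depends on those being exactly the two entries retagged in data/CVE/list (CVE-2021-XXXX as `<ignored>`, CVE-2020-25073 as `<not-affected>`). Since neither retag leads to an upload, it is worth confirming that no other plinth issue remains open for stretch before the package leaves dla-needed.txt.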
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c3f05b998cd855bf461dcdb23b5f0d027e014d20...93bf53e5ae34af4d26ef198842e3bffbd5330e5a