[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags for ark/Stretch

Markus Koschany (@apo) apo at debian.org
Fri May 20 13:00:49 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5376d8b1 by Markus Koschany at 2022-05-20T14:00:06+02:00
Remove no-dsa tags for ark/Stretch

- - - - -
b12d98d8 by Markus Koschany at 2022-05-20T14:00:39+02:00
Reserve DLA-3015-1 for ark

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -118546,7 +118546,6 @@ CVE-2020-24655 (A race condition in the Twilio Authy 2-Factor Authentication app
 CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...)
 	{DSA-4759-1}
 	- ark 4:20.08.1-1 (bug #969437)
-	[stretch] - ark <no-dsa> (Vulnerable even after upstream patch)
 	NOTE: https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd
 	NOTE: https://kde.org/info/security/advisory-20200827-1.txt
 CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...)
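Review bot: Removing the stretch line for CVE-2020-24654 also removes the only record that stretch was judged "Vulnerable even after upstream patch"; the NOTE lines that remain point only at the upstream commit and the KDE advisory. If the stretch fix needed more than upstream commit 8bf8c5ef07b0ac5e914d752681e470dea403a5bd, a NOTE naming the additional change would keep that finding visible to anyone later comparing the stretch package against upstream.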
@@ -136854,7 +136853,6 @@ CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious serve
 CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...)
 	{DSA-4738-1}
 	- ark 4:20.04.3-1
-	[stretch] - ark <no-dsa> (Intrusive to backport, partial patch for GUI https://people.debian.org/~abhijith/upload/backport_to_1608.patch)
 	NOTE: https://kde.org/info/security/advisory-20200730-1.txt
 	NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
 CVE-2020-16115
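Review bot: The removed stretch line for CVE-2020-16116 held the only pointer to backport_to_1608.patch and the remark that it was a partial patch for the GUI. With that line gone, nothing in the entry says whether the stretch fix is that partial patch or a fuller backport; a NOTE stating which one was used would preserve that context.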


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 May 2022] DLA-3015-1 ark - security update
+	{CVE-2020-16116 CVE-2020-24654}
+	[stretch] - ark 4:16.08.3-2+deb9u1
 [18 May 2022] DLA-3014-1 elog - security update
 	{CVE-2020-8659}
 	[stretch] - elog 3.1.2-1-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -28,9 +28,6 @@ ansible
   NOTE: 20220427: Lee Garrett (maintainer) took over the work a while ago. See
   NOTE: 20220427: https://salsa.debian.org/debian/ansible/-/commits/stretch/
 --
-ark (Markus Koschany)
-  NOTE: 20220424: programming language C
---
 asterisk (Abhijith PA)
   NOTE: 20220424: programming language C
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b861b8529c856cd414fb0f9c49439635c0b2bc1c...b12d98d82b911018568e8c2f7b88d50094a41059
