[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-27818,pngcheck: remove no-dsa tag

Sun May 29 14:51:30 BST 2022


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3da091c by Markus Koschany at 2022-05-29T15:50:38+02:00
CVE-2020-27818,pngcheck: remove no-dsa tag

- - - - -
3ea61485 by Markus Koschany at 2022-05-29T15:51:20+02:00
Reserve DLA-3032-1 for pngcheck

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -112096,7 +112096,6 @@ CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 whe
 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...)
 	- pngcheck 2.3.0-13 (bug #976350)
 	[buster] - pngcheck 2.3.0-7+deb10u1
-	[stretch] - pngcheck <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
 	NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
 CVE-2020-27817


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 May 2022] DLA-3032-1 pngcheck - security update
+	{CVE-2020-27818}
+	[stretch] - pngcheck 2.3.0-7+deb9u1
 [28 May 2022] DLA-3031-1 modsecurity-apache - security update
 	{CVE-2021-42717}
 	[stretch] - modsecurity-apache 2.9.1-2+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -200,9 +200,6 @@ pjproject (Abhijith PA)
 plinth
   NOTE: 20220524: Follow buster: harmonize with with Debian 10.7 and 10.10 (2 CVEs) (Beuc/front-desk)
 --
-pngcheck (Markus Koschany)
-  NOTE: 20220524: Follow buster: harmonize with with Debian 10.8 (1 CVE) (Beuc/front-desk)
---
 postgresql-9.6
   NOTE: 20220523: cf. DSA-5135-1/DSA-5136-1 (Beuc/front-desk)
   NOTE: 20220523: 9.6 is EOL'd upstream (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7ab02af6214c7135b9f3565e852324d23a3b873...3ea614852a5a17170adc04946c1eb2bed4164f3d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7ab02af6214c7135b9f3565e852324d23a3b873...3ea614852a5a17170adc04946c1eb2bed4164f3d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220529/f1ff4552/attachment.htm>
