Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
08cbb2ff by Thorsten Alteholz at 2020-12-06T17:04:06+01:00
mark CVE-2020-27818 as no-dsa for Stretch
- - - - -
6f10c86e by Thorsten Alteholz at 2020-12-06T17:05:17+01:00
mark CVE-2020-27821 as postponed for Stretch
- - - - -
9a70de2d by Thorsten Alteholz at 2020-12-06T17:09:56+01:00
mark CVE-2020-29562 as no-dsa for Stretch
- - - - -
7e763b66 by Thorsten Alteholz at 2020-12-06T17:10:35+01:00
mark CVE-2020-29573 as no-dsa for Stretch
- - - - -
8725f0a1 by Thorsten Alteholz at 2020-12-06T17:14:02+01:00
add golang-websocket
- - - - -
10f47fcf by Thorsten Alteholz at 2020-12-06T17:17:00+01:00
mark CVE-2020-17521 as no-dsa for Stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -36,6 +36,7 @@ CVE-2020-29574
RESERVED
CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or
libc6) befo ...)
- glibc <unfixed>
+ [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26649
NOTE:
https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
NOTE:
https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61
@@ -64,6 +65,7 @@ CVE-2020-29563
RESERVED
CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6)
2.30 to 2 ...)
- glibc <unfixed> (bug #976391)
+ [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26923
NOTE:
https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html
CVE-2020-29561 (An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR,
it does ...)
@@ -6885,6 +6887,7 @@ CVE-2020-27822
CVE-2020-27821 [heap buffer overflow in msix_table_mmio_write() in
hw/pci/msix.c]
RESERVED
- qemu <unfixed>
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
CVE-2020-27820 [use-after-free in nouveau kernel module]
RESERVED
@@ -6897,6 +6900,7 @@ CVE-2020-27818
RESERVED
- pngcheck 2.3.0-13 (bug #976350)
[buster] - pngcheck <no-dsa> (Minor issue)
+ [stretch] - pngcheck <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
NOTE: Patch applied in Fedora:
https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
CVE-2020-27817
@@ -29095,6 +29099,7 @@ CVE-2020-17522
CVE-2020-17521 [Information Disclosure]
RESERVED
- groovy <unfixed>
+ [stretch] - groovy <no-dsa> (Minor issue)
- groovy2 <removed>
NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1
=====================================
data/dla-needed.txt
=====================================
@@ -51,6 +51,8 @@ firmware-nonfree (Emilio)
--
golang-golang-x-net-dev
--
+golang-websocket
+--
influxdb
--
intel-microcode
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4fb490c27e8bfa2c7a60c775a19d2598a708c18...10f47fcfa30572abf1b592aea6b69ac285529086
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d4fb490c27e8bfa2c7a60c775a19d2598a708c18...10f47fcfa30572abf1b592aea6b69ac285529086
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
