Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20e5d55a by Markus Koschany at 2020-07-01T09:01:07+02:00
Claim tomcat8 in dla-needed.txt

- - - - -
731417d2 by Markus Koschany at 2020-07-01T09:03:16+02:00
Remove no-dsa tags for squid3.

Will be fixed with the upcoming security release 3.5.23-5+deb9u2

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -98314,7 +98314,6 @@ CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, 
allows a denial of servi
        {DLA-1596-1}
        - squid 4.4-1 (low; bug #912294)
        - squid3 <removed> (low)
-       [stretch] - squid3 <postponed> (Can be fixed along in a future DSA)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
        NOTE: 3.5: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
        NOTE: 4.x: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch
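Review bot: the line removed under CVE-2018-19132 is a `[stretch] - squid3 <postponed>` entry, while the commit subject only mentions no-dsa tags; the message should name the postponed tag as well, or this removal should be a separate commit, so the history can be searched by tag type. Nothing replaces the removed line, so stretch has no status of its own for this CVE and only the `- squid3 <removed> (low)` line remains for the package. Consider landing this together with the entry that records 3.5.23-5+deb9u2 as the fixed version.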
@@ -220337,7 +220336,6 @@ CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 
4.0.8 improperly perform b
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
 CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in 
icmp/Icmp6.c ...)
        - squid3 3.5.16-1 (bug #819783)
-       [jessie] - squid3 <no-dsa> (Minor issue)
        [wheezy] - squid3 <no-dsa> (Minor issue)
        - squid 4.1-1
        [wheezy] - squid <no-dsa> (Minor issue)
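Review bot: the commit body justifies the removals with 3.5.23-5+deb9u2, which is a stretch (deb9) version, but the line removed under CVE-2016-3947 is tagged `[jessie]`, and the entry already lists 3.5.16-1 as the fixed version. Please state in the message why the jessie tag is dropped (the same question applies to the CVE-2016-2570 and CVE-2016-2569 hunks) and whether the `[wheezy]` no-dsa lines left beside it are kept on purpose.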
@@ -224109,7 +224107,6 @@ CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 
4.x before 4.0.7 proceeds
        NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 
and 4.x ...)
        - squid3 3.5.15-1 (bug #816011)
-       [jessie] - squid3 <no-dsa> (Minor issue, needs substantial backporting; 
too intrusive to backport)
        [wheezy] - squid3 <no-dsa> (Minor issue, needs substantial backporting; 
too intrusive to backport)
        - squid <not-affected> (Vulnerable code not present)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
@@ -224120,7 +224117,6 @@ CVE-2016-2570 (The Edge Side Includes (ESI) parser in 
Squid 3.x before 3.5.15 an
        NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
 CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly 
append  ...)
        - squid3 3.5.15-1 (bug #816011)
-       [jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; 
too intrusive to backport)
        [wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; 
too intrusive to backport)
        - squid <not-affected> (Vulnerable code not present)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt


=====================================
data/dla-needed.txt
=====================================
@@ -122,7 +122,7 @@ sympa
   NOTE: 20200604: the non-public patch is being discussed internally. (utkarsh)
   NOTE: 20200604: shall process the upload once the confirmation is given. 
(utkarsh)
 --
-tomcat8
+tomcat8 (Markus Koschany)
 --
 tzdata
   NOTE: 20200514: LTS update must wait on oldstable update first (via point 
release) to prevent newer version in LTS (roberto)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9af3f9e9f5a7b360f9aba6cc5e153ce2de7ac878...731417d2034d30b664e1b4ff743d64717b0c3756
