Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 20e5d55a by Markus Koschany at 2020-07-01T09:01:07+02:00 Claim tomcat8 in dla-needed.txt - - - - - 731417d2 by Markus Koschany at 2020-07-01T09:03:16+02:00 Remove no-dsa tags for squid3. Will be fixed with the upcoming security release 3.5.23-5+deb9u2 - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -98314,7 +98314,6 @@ CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of servi {DLA-1596-1} - squid 4.4-1 (low; bug #912294) - squid3 <removed> (low) - [stretch] - squid3 <postponed> (Can be fixed along in a future DSA) NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt NOTE: 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch NOTE: 4.x: http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch @@ -220337,7 +220336,6 @@ CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform b NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.c ...) - squid3 3.5.16-1 (bug #819783) - [jessie] - squid3 <no-dsa> (Minor issue) [wheezy] - squid3 <no-dsa> (Minor issue) - squid 4.1-1 [wheezy] - squid <no-dsa> (Minor issue) @@ -224109,7 +224107,6 @@ CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds NOTE: Upstream confirmed it does not affect squid 2.7.x CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...) - squid3 3.5.15-1 (bug #816011) - [jessie] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport) [wheezy] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport) - squid <not-affected> (Vulnerable code not present) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt 
@@ -224120,7 +224117,6 @@ CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 an NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy). CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...) - squid3 3.5.15-1 (bug #816011) - [jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport) [wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport) - squid <not-affected> (Vulnerable code not present) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt ===================================== data/dla-needed.txt ===================================== @@ -122,7 +122,7 @@ sympa NOTE: 20200604: the non-public patch is being discussed internally. (utkarsh) NOTE: 20200604: shall process the upload once the confirmation is given. (utkarsh) -- -tomcat8 +tomcat8 (Markus Koschany) -- tzdata NOTE: 20200514: LTS update must wait on oldstable update first (via point release) to prevent newer version in LTS (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9af3f9e9f5a7b360f9aba6cc5e153ce2de7ac878...731417d2034d30b664e1b4ff743d64717b0c3756
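Review bot: In the CVE-2018-19132 hunk the removed line is `[stretch] - squid3 <postponed> (Can be fixed along in a future DSA)`, which is a `<postponed>` tag, while the message of 731417d2 speaks only of no-dsa tags; the message should name both kinds of tag. With that line gone and the unstable entry still reading `- squid3 <removed> (low)`, stretch has no line of its own for this CVE, so the entry should get a `[stretch] - squid3 3.5.23-5+deb9u2` line once that upload is made, otherwise the fix is never recorded here.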
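Review bot: The hunks for CVE-2016-3947, CVE-2016-2570 and CVE-2016-2569 drop `[jessie] - squid3 <no-dsa>` lines, but the stated reason is a fix in 3.5.23-5+deb9u2, a stretch version, and each of these entries already lists an unstable fix (3.5.16-1 or 3.5.15-1) older than that. The commit message should say why the jessie tags are removed, and whether the matching `[wheezy] - squid3 <no-dsa>` lines left as context are meant to stay.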