Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b686d26c by Mike Gabriel at 2020-08-15T15:00:39+02:00
data/CVE/list: wireshark/stretch not affected by CVE-2020-17499

- - - - -
8959c85e by Mike Gabriel at 2020-08-15T15:05:53+02:00
data/dla-needed.txt: add yubico-piv-tool

- - - - -
fa6f220f by Mike Gabriel at 2020-08-15T15:14:33+02:00
data/CVE/list: mark CVE-2020-2433{0,1,2}/trousers/stretch as <ignored>. Service does not get launched as root.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -54,16 +54,19 @@ CVE-2020-24333
        RESERVED
 CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the 
tcsd daemon ...)
        - trousers <unfixed>
+       [stretch] - trousers <ignored> (tss service gets started as non-root 
user via init script)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
        NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
        NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
 CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the 
tcsd daemon ...)
        - trousers <unfixed>
+       [stretch] - trousers <ignored> (tss service gets started as non-root 
user via init script)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
        NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
        NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
 CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the 
tcsd daemon ...)
        - trousers <unfixed>
+       [stretch] - trousers <ignored> (tss service gets started as non-root 
user via init script)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
        NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
        NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
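Review bot: The three added `[stretch] - trousers <ignored>` lines give only "tss service gets started as non-root user via init script" as the reason, and the CVE descriptions in the list are cut at "If the tcsd daemon ...", so the entry alone does not show why a non-root start makes these issues ignorable for stretch. A short NOTE under each entry tying the reason to the condition in the advisory, or pointing at the oss-security reference already listed, would let a later reader check the triage without re-reading upstream. The reason also names only the init script; if the stretch package can start tcsd by any other path, the annotation should say whether that path also drops root.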
@@ -13737,6 +13740,7 @@ CVE-2020-17499
        RESERVED
 CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector 
could crash. ...)
        - wireshark 3.2.6-1
+       [stretch] - wireshark <not-affected> (Vulnerable compose_tvb code not 
present)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
        NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html
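Review bot: The added `[stretch] - wireshark <not-affected>` line sits under CVE-2020-17498, while the commit message for this change names CVE-2020-17499, which appears here only as the RESERVED entry in the hunk header. One of the two is wrong; if the annotation is on the intended entry, the commit subject should be corrected in a follow-up so that searches of the history by CVE id find it. The reason "Vulnerable compose_tvb code not present" would also be easier to verify with the stretch source version that was checked.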


=====================================
data/dla-needed.txt
=====================================
@@ -187,3 +187,7 @@ xcftools
   NOTE: 20200523: Proposed fix https://github.com/j-jorge/xcftools/pull/15 
(gladk)
   NOTE: 20200605: Patch 
https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch
 (gladk)
 --
+yubico-piv-tool
+  NOTE: 20200815: About CVE-2020-13131. Blog post available, but patch URLs 
seemingly not provided.
+  NOTE: 20200815: Needs deeper research. (sunweaver)
+--
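Review bot: The first added NOTE for yubico-piv-tool says "Blog post available" but does not give its URL, so whoever picks this entry up has to find the post again. Adding the link in that NOTE would match the xcftools entry above, where each NOTE carries its reference. The first NOTE also lacks the "(sunweaver)" attribution that the second one has.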



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54d17f9ed798f9a298678e389a2ca3834947e1b9...fa6f220f759eae6570e41004db5a9bf6851975a6



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
