Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits: b686d26c by Mike Gabriel at 2020-08-15T15:00:39+02:00 data/CVE/list: wireshark/stretch not affected by CVE-2020-17499 - - - - - 8959c85e by Mike Gabriel at 2020-08-15T15:05:53+02:00 data/dla-needed.txt: add yubico-piv-tool - - - - - fa6f220f by Mike Gabriel at 2020-08-15T15:14:33+02:00 data/CVE/list: mark CVE-2020-2433{0,1,2}/trousers/stretch as <ignored>. Service does not get launched as root. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -54,16 +54,19 @@ CVE-2020-24333 RESERVED CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...) - trousers <unfixed> + [stretch] - trousers <ignored> (tss service gets started as non-root user via init script) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472 NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/ NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1 CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...) - trousers <unfixed> + [stretch] - trousers <ignored> (tss service gets started as non-root user via init script) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472 NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/ NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1 CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...) - trousers <unfixed> + [stretch] - trousers <ignored> (tss service gets started as non-root user via init script) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472 NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/ NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1 
@@ -13737,6 +13740,7 @@ CVE-2020-17499 RESERVED CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...) - wireshark 3.2.6-1 + [stretch] - wireshark <not-affected> (Vulnerable compose_tvb code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html ===================================== data/dla-needed.txt ===================================== @@ -187,3 +187,7 @@ xcftools NOTE: 20200523: Proposed fix https://github.com/j-jorge/xcftools/pull/15 (gladk) NOTE: 20200605: Patch https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch (gladk) -- +yubico-piv-tool + NOTE: 20200815: About CVE-2020-13131. Blog post available, but patch URLs seemingly not provided. + NOTE: 20200815: Needs deeper research. (sunweaver) +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54d17f9ed798f9a298678e389a2ca3834947e1b9...fa6f220f759eae6570e41004db5a9bf6851975a6 You're receiving this email because of your account on salsa.debian.org.
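Review bot: In the first data/CVE/list hunk (CVE-2020-24330, -24331 and -24332), the three added `[stretch] - trousers <ignored>` lines rest only on the init script starting the service as a non-root user, while the CVE descriptions shown are conditional on how tcsd is started ("If the tcsd daemon ..."). Since `<ignored>` leaves the package unfixed in stretch, consider adding a NOTE under each entry that records what was checked in the stretch package and whether a tcsd started some other way is still in scope, so a later reader can tell the decision concerns the default start path and not the code itself.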
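Review bot: The commit subject of b686d26c names CVE-2020-17499, but in the second data/CVE/list hunk the added `[stretch] - wireshark <not-affected>` line sits under the CVE-2020-17498 entry (the Kafka dissector crash), and CVE-2020-17499 appears only as a RESERVED context line above it. Please confirm that 17498 is the intended entry; if it is, the log message carries the wrong id, and a short follow-up mention would help anyone searching the history by CVE number.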
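Review bot: In the data/dla-needed.txt hunk, the first added NOTE for yubico-piv-tool says "Blog post available" but gives no URL and has no author tag, unlike the second NOTE, which ends in "(sunweaver)", and the xcftools notes in the context above, which carry both a link and "(gladk)". Add the blog post URL and the "(sunweaver)" suffix to that line so whoever claims the package can start from the same source.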
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits