Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits: e9d04c2d by Utkarsh Gupta at 2020-11-01T17:07:36+05:30 Triage python-cryptography, blueman, and wordpress - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -5680,6 +5680,7 @@ CVE-2020-25660 CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption] RESERVED - python-cryptography <unfixed> (bug #973247) + [stretch] - python-cryptography <no-dsa> (Minor issue; risk of regression & marginal benefit) NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988 NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2) ===================================== data/dla-needed.txt ===================================== @@ -28,6 +28,8 @@ ark NOTE: 20200907: patch https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes (abhijith) NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible with the old architecture (abhijith) -- +blueman +-- brotli (Roberto C. Sánchez) NOTE: 20201025: Requested patch review on debian-lts@l.d.o (roberto) -- @@ -200,6 +202,8 @@ wireshark (Adrian Bunk) NOTE: 20201026: will backport 2.6.8-1.1 first, and then try to update in the NOTE: 20201026: next buster point release followed by another backport (bunk) -- +wordpress (Utkarsh) +-- xcftools NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle) NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting original patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d04c2dd6b55122522b265ac53cd4b24ee57e24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d04c2dd6b55122522b265ac53cd4b24ee57e24 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits