summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2020-07-08 21:21:09 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2020-07-08 21:21:09 +0200
commit5081e8e6ef56caf25a5c2f91211b416ded55308c (patch)
treea1b05bdc05155a0ae423f197cf1adbc1db1844d9
parent8dbddb44d36aec05bcd95c6376b6d268ef4b90de (diff)
Add source package tracking for python3.4 and mark as removed
This is not fully correct, but the situation can not be otherwise sensibly constructed. Initially python3.4 was in all suites not affected as the incomplete fix not applied (and when fixing CVE-2019-9636 applying the full fix sould have been done if possible). As noted in the previous commit though in jessie specifically the CVE was introduced. Hope reviewers of this commit agree, otherwise we can rediscuss how to best mark it.
-rw-r--r--data/CVE/list.20191
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index ba585620cc..f82db63960 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -28145,6 +28145,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
- python3.5 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
+ - python3.4 <removed>
- python2.7 2.7.16-3
[buster] - python2.7 2.7.16-2+deb10u1
[stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)

© 2014-2024 Faster IT GmbH | imprint | privacy policy