From 5081e8e6ef56caf25a5c2f91211b416ded55308c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 8 Jul 2020 21:21:09 +0200 Subject: Add source package tracking for python3.4 and mark as removed This is not fully correct, but the situation can not be otherwise sensibly constructed. Initially python3.4 was in all suites not affected as the incomplete fix not applied (and when fixing CVE-2019-9636 applying the full fix sould have been done if possible). As noted in the previous commit though in jessie specifically the CVE was introduced. Hope reviewers of this commit agree, otherwise we can rediscuss how to best mark it. --- data/CVE/list.2019 | 1 + 1 file changed, 1 insertion(+) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index ba585620cc..f82db63960 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -28145,6 +28145,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python [buster] - python3.7 3.7.3-2+deb10u1 - python3.6 (Incomplete fix for CVE-2019-9636 not applied) - python3.5 (Incomplete fix for CVE-2019-9636 not applied) + - python3.4 - python2.7 2.7.16-3 [buster] - python2.7 2.7.16-2+deb10u1 [stretch] - python2.7 (Incomplete fix for CVE-2019-9636 not applied) -- cgit v1.2.3