From e2ef9ca26a0330d60b2f441dc397bbc9ddb586e2 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 29 Jan 2020 11:16:59 -0800
Subject: opensmtpd DSA one disputed systemd issue resolved

---
 data/CVE/2018.list  | 8 ++++----
 data/CVE/2020.list  | 1 +
 data/DSA/list       | 4 ++++
 data/dsa-needed.txt | 3 ---
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 7012eb071d..a12461c271 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -8,10 +8,10 @@ CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat
 	- jupyter-notebook 5.7.4-1
 	NOTE: https://github.com/jupyter/notebook/pull/3341
 CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed  ...)
-	- systemd <unfixed>
-	[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
-	[stretch] - systemd <not-affected> (Vulnerable code introduced later)
-	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
+	- systemd 244-1 (low)
+	[buster] - systemd <not-affected> (Only affected v243)
+	[stretch] - systemd <not-affected> (Only affected v243)
+	[jessie] - systemd <not-affected> (Only affected v243)
 	NOTE: https://github.com/systemd/systemd/issues/9397
 CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...)
 	- boa <removed>
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b93efbc83e..93bdfbf4ac 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -13688,6 +13688,7 @@ CVE-2020-1717
 	RESERVED
 CVE-2020-1716
 	RESERVED
+	NOT-FOR-US: ceph-ansible
 CVE-2020-1715
 	RESERVED
 CVE-2020-1714
diff --git a/data/DSA/list b/data/DSA/list
index e3ed1ccc74..c9a1340067 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[29 Jan 2020] DSA-4611-1 opensmtpd - security update
+	{CVE-2020-7247}
+	[stretch] - opensmtpd 6.0.2p1-2+deb9u1
+	[buster] - opensmtpd 6.0.3p1-5+deb10u3
 [29 Jan 2020] DSA-4610-1 webkit2gtk - security update
 	{CVE-2019-8835 CVE-2019-8844 CVE-2019-8846}
 	[buster] - webkit2gtk 2.26.3-1~deb10u1
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 8fac557093..da01a4da24 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -42,9 +42,6 @@ nss/oldstable (jmm)
 --
 openjdk-8 (jmm)
 --
-opensmtpd
-  Maintainer working on updates
---
 php7.0
 --
 php7.3
-- 
cgit v1.2.3