author Moritz Muehlenhoff <jmm@debian.org> 2020-09-11 19:34:53 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2020-09-11 19:34:53 +0200
commit 0560d2ac29b2140270508dca5aa2bab9ad0abb30
tree b4887a71158d4ec40c94903dcdd02342b3096c76
parent 683b6fb4f5a125822b0554d245ae979298595bb7
buster triage
-rw-r--r-- data/CVE/list 10
-rw-r--r-- data/dsa-needed.txt 2
2 files changed, 10 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list
index b3e5ef3973..82a8db63ef 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -130,6 +130,7 @@ CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, a
NOTE: https://www.spinics.net/lists/stable/msg405099.html
CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...)
- libproxy <unfixed>
+ [buster] - libproxy <no-dsa> (Minor issue)
NOTE: https://github.com/libproxy/libproxy/issues/134
CVE-2020-25218
RESERVED
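Review bot: The CVE-2020-25219 entry now marks buster as `<no-dsa>` while the unstable line `- libproxy <unfixed>` still has no Debian bug reference, unlike the libx11 (bug #969008) and osc (bug #969999) entries elsewhere in this diff. With the stable release deferred, the upstream issue link in the NOTE is the only tracking pointer; consider filing a bug against libproxy and adding its number to the `<unfixed>` line so the fix is not lost.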
@@ -167,6 +168,7 @@ CVE-2020-25203
RESERVED
CVE-2019-XXXX [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4.2]
- rust-rand-core 0.5.0-1 (bug #969911; low)
+ [buster] - rust-rand-core <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
CVE-2019-XXXX [RUSTSEC-2019-0033: Integer Overflow in versions below 0.1.20 can cause DoS]
@@ -671,6 +673,7 @@ CVE-2020-24973
RESERVED
CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...)
- kleopatra <unfixed>
+ [buster] - kleopatra <no-dsa> (Minor issue)
NOTE: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
NOTE: https://security.gentoo.org/glsa/202008-21
CVE-2020-24971
@@ -23151,6 +23154,7 @@ CVE-2020-14363 [Double free in libX11 locale handling code]
RESERVED
{DLA-2361-1}
- libx11 <unfixed> (bug #969008)
+ [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
CVE-2020-14362
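Review bot: The added buster line for CVE-2020-14363 promises "will be fixed via spu", but the unstable line directly above it is still `- libx11 <unfixed> (bug #969008)`, so there is no fixed version yet for the point update to be based on. The annotation is fine as a statement of intent; it should be revisited once bug #969008 is closed so the entry does not keep promising an upload that was never prepared.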
@@ -23231,7 +23235,7 @@ CVE-2020-14345
CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...)
{DLA-2312-1}
- libx11 2:1.6.10-1
- [buster] - libx11 <no-dsa> (Minor issue)
+ [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
@@ -56789,7 +56793,7 @@ CVE-2020-1970
CVE-2020-1969
RESERVED
CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification which can ...)
- - openssl 1.1.1g-1
+ - openssl 1.1.1~~pre9-1
- openssl1.0 <removed>
NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed version in sid
NOTE: https://www.openssl.org/news/secadv/20200909.txt
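Review bot: The openssl line in the CVE-2020-1968 entry changes the fixed version for unstable from 1.1.1g-1 to 1.1.1~~pre9-1, which is not a buster triage decision and is not covered by the commit message "buster triage". Consider putting it in its own commit or mentioning it in the message. The existing NOTE records which version was chosen ("the first openssl 1.1.1 version in unstable") but not why the 1.1.1 series counts as fixed; one more NOTE line giving that reason would let a later reader verify the entry against the linked advisory.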
@@ -80139,6 +80143,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
- rainloop 1.14.0-1
+ [buster] - rainloop <no-dsa> (Minor issue)
NOTE: https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
CVE-2019-13388
RESERVED
@@ -106912,6 +106917,7 @@ CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1
NOT-FOR-US: SuSE
CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...)
- osc <unfixed> (bug #969999)
+ [buster] - osc <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
NOTE: https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 (0.169.0)
CVE-2019-3680
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 1b0141674a..ef79dffd87 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -16,6 +16,8 @@ chromium
--
curl (ghedo)
--
+inspircd
+--
knot-resolver
Santiago Ruano Rincón proposed a debdiff for review
--
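Review bot: The added `inspircd` entry in data/dsa-needed.txt carries no annotation, and no hunk of data/CVE/list in this commit touches an inspircd issue, so the reason a DSA is needed cannot be read from the change. The neighbouring entries show the usual forms, a claimant as in `curl (ghedo)` or a status line as under `knot-resolver`; a short indented line naming the issue being tracked would make the entry actionable for whoever picks it up.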
