diff options
| author | Abhijith PA <abhijith@disroot.org> | 2020-08-02 10:15:57 +0530 |
|---|---|---|
| committer | Abhijith PA <abhijith@disroot.org> | 2020-08-02 10:15:57 +0530 |
| commit | 98f146be45839b3b897b79544f48b8f6f97bc24f (patch) | |
| tree | 093ac381f56a755bfc5cb130bb953512e11a8274 | |
| parent | 1f83af0e9747cce5fd0df6a30966470baa07d41a (diff) | |
stretch triage
| -rw-r--r-- | data/CVE/list | 4 | ||||
| -rw-r--r-- | data/dla-needed.txt | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 66eb630fee..4a392c009a 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -739,6 +739,7 @@ CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were NOT-FOR-US: Mida eFramework CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation ...) - claws-mail 3.17.6-1 + [stretch] - claws-mail <no-dsa> (low priority issue) NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5 CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...) NOT-FOR-US: Tenda devices @@ -4657,6 +4658,7 @@ CVE-2020-14348 CVE-2020-14347 [X Server Pixel Data Uninitialized Memory Information Disclosure] RESERVED - xorg-server <unfixed> + [stretch] - xorg-server <postponed> (Minor issue, can be fixed along in next release) NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816 CVE-2020-14346 @@ -14034,6 +14036,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...) - bareos <unfixed> (bug #965985) + [stretch] - bareos <no-dsa> (minor issue, low priority) NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4 CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...) - glpi <removed> (unimportant) @@ -31638,6 +31641,7 @@ CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserial NOT-FOR-US: phpMussel CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...) - bareos <unfixed> (bug #965985) + [stretch] - bareos <no-dsa> (minor issue, low priority) NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...) NOT-FOR-US: Bolt CMS diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 287f57764f..f46b04a4af 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -52,6 +52,8 @@ condor (Roberto C. Sánchez) NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o (roberto) NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto) -- +evolution-data-server +-- firefox-esr (Emilio) NOTE: 20200720: working on ESR 78 backport. (Emilio) -- @@ -73,6 +75,8 @@ jruby (Adrian Bunk) jupyter-notebook NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby) -- +libx11 +-- linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) |