diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-31 19:55:20 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-31 19:55:46 +0200 |
commit | dcaf52a8d35f813ca8125f4425ed4a2c7b953bcb (patch) | |
tree | 5ac28520eb27a5ff34a6c16560ad6392997be5c7 | |
parent | 98e5caa0acdd899344dc93e276e7f4779b927c64 (diff) |
buster triage
-rw-r--r-- | data/CVE/list | 6 | ||||
-rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 526461aade..12095a5492 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -342,6 +342,7 @@ CVE-2020-24862 RESERVED CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...) - rust-rgb <unfixed> (bug #969213) + [buster] - rust-rgb <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html NOTE: https://github.com/kornelski/rust-rgb/issues/35 CVE-2020-24861 @@ -15163,6 +15164,7 @@ CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution vi NOT-FOR-US: vBulletin CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...) - python-django-celery-results <unfixed> (bug #968305) + [buster] - python-django-celery-results <no-dsa> (Minor issue) NOTE: https://github.com/celery/django-celery-results/issues/142 CVE-2020-17494 RESERVED @@ -19981,6 +19983,7 @@ CVE-2020-15357 RESERVED CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...) - sqlite3 3.32.3-1 + [buster] - sqlite3 <no-dsa> (Minor issue) [stretch] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0) [jessie] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0) NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5 @@ -27597,6 +27600,7 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be CVE-2020-12403 RESERVED - nss 2:3.55-1 + [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38 NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 @@ -39714,6 +39718,7 @@ CVE-2020-8160 RESERVED CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) - ruby-actionpack-page-caching 1.2.2-1 (bug #960680) + [buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 CVE-2020-8158 RESERVED @@ -86149,6 +86154,7 @@ CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability all NOT-FOR-US: GAT-Ship Web Module CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...) - ruby-omniauth <unfixed> + [buster] - ruby-omniauth <no-dsa> (Minor issue) [stretch] - ruby-omniauth <no-dsa> (Minor issue) [jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps) NOTE: https://github.com/omniauth/omniauth/pull/809 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 20d1cbbb44..b9b2de65ab 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -22,6 +22,8 @@ knot-resolver linux (carnil) Wait until more issues have piled up -- +qemu +-- rails (jmm) Sylvain Beucler proposed to help for the update, remaining CVEs to be done -- |