From 519745f71dfd6ee7321349f938a5be953d676f49 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 8 Jul 2020 21:21:09 +0200 Subject: Add source package tracking for python3.4 and mark as removed This is not fully correct, but the situation can not be otherwise sensibly constructed. Initially python3.4 was in all suites not affected as the incomplete fix not applied (and when fixing CVE-2019-9636 applying the full fix sould have been done if possible). As noted in the previous commit though in jessie specifically the CVE was introduced. Hope reviewers of this commit agree, otherwise we can rediscuss how to best mark it. --- data/CVE/list | 1 + 1 file changed, 1 insertion(+) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 49bc8ceac9..1e4e71829b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -68252,6 +68252,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python [buster] - python3.7 3.7.3-2+deb10u1 - python3.6 (Incomplete fix for CVE-2019-9636 not applied) - python3.5 (Incomplete fix for CVE-2019-9636 not applied) + - python3.4 - python2.7 2.7.16-3 [buster] - python2.7 2.7.16-2+deb10u1 [stretch] - python2.7 (Incomplete fix for CVE-2019-9636 not applied) -- cgit v1.2.3