From bce5996ab8f2bd2b6973399354cc25c0f1d4c0e0 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 1 Jul 2020 12:10:45 +0200 Subject: - "new" dnsmasq issue (CVE is for Red Hat, but they essentially found the same issue Mika Prokop did back in 2014) - new rails issue - NFU - add squid to dsa-needed --- data/CVE/list | 6 ++++++ data/dsa-needed.txt | 2 ++ 2 files changed, 8 insertions(+) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index dd71d33f2f..68294a7615 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2732,6 +2732,8 @@ CVE-2020-14313 RESERVED CVE-2020-14312 RESERVED + - dnsmasq 2.69-1 (bug #732610) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342 CVE-2020-14311 RESERVED CVE-2020-14310 @@ -2744,6 +2746,7 @@ CVE-2020-14307 RESERVED CVE-2020-14306 RESERVED + NOT-FOR-US: OpenShift CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module] RESERVED - linux 4.12.6-1 @@ -19156,6 +19159,9 @@ CVE-2020-8186 RESERVED CVE-2020-8185 RESERVED + [experimental] - rails + - rails (Introduced in rails 6.x) + NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...) - ruby-rack (bug #963477) NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 19e625e077..bc2188ddc2 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -51,6 +51,8 @@ rails ruby2.5/stable Utkarsh Gupta proposed to work on an update -- +squid/stable +-- squid3/oldstable -- teeworlds/stable (jmm) -- cgit v1.2.3
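Review bot: in the data/CVE/list hunk at CVE-2020-14312, the reason dnsmasq is marked fixed in 2.69-1 is recorded only in the commit message. The entry pairs a 2020 CVE with bug #732610 and a Red Hat Bugzilla link, but nothing in the added lines says this is essentially the issue already reported in 2014. Adding a short NOTE line to that effect under the existing "NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342" would let someone triaging from the tracker entry see why the fixed version predates the CVE without reading the git history.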
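Review bot: in the CVE-2020-8185 hunk, "(Introduced in rails 6.x)" on the second rails line does not name the introducing release or upstream commit, and the only reference is the rubyonrails-security announcement. As the lines are shown here, neither "[experimental] - rails" nor "- rails" carries a version. Once the introducing change is identified, a NOTE with that version or commit would let each suite's rails package be checked against a concrete value rather than against "6.x".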
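Review bot: in the data/dsa-needed.txt hunk, the new "squid/stable" entry has no note saying which issues prompt the update or who is picking it up, and this commit touches no squid entries in data/CVE/list, so the reason is not traceable from the change itself. The rails entry just above carries a line of context ("Utkarsh Gupta proposed to work on an update"); a similar indented line under squid/stable naming the relevant CVEs would help whoever claims it. The commit subject mentions adding squid, so it may also be worth confirming that squid3/oldstable directly below covers the same set of issues.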