Mark CVE-2020-6817/python-bleach

The issue is minor (considering the DOS potential) and there is quite some regression potenial with invasive fixes. Mark the issue no-dsa for buster and stretch.
author: Salvatore Bonaccorso <carnil@debian.org> 2020-04-08 14:45:06 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-04-08 14:45:06 +0200
commit: 44691f7492d59e2e732fddc3abfa9939fbb239be (patch)
tree: e769cf5f0d48c72d4a3489db9820b4c8d5888f4b
parent: e9ea830efb7110af90bb42b975312fc4487eda98 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index fe2f500166..8dc81a7b63 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -10460,10 +10460,13 @@ CVE-2020-6817 [Regular expression denial of service]
 	RESERVED
 	{DLA-2167-1}
 	- python-bleach 3.1.4-1 (bug #955388)
+	[buster] - python-bleach <no-dsa> (Minor issue; some regression potential)
+	[stretch] - python-bleach <no-dsa> (Minor issue; some regression potential)
 	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
 	NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
 	NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7
+	NOTE: Regression report: https://github.com/mozilla/bleach/pull/530
 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...)
 	- firefox 74.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
author	Salvatore Bonaccorso <carnil@debian.org>	2020-04-08 14:45:06 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-04-08 14:45:06 +0200
commit	44691f7492d59e2e732fddc3abfa9939fbb239be (patch)
tree	e769cf5f0d48c72d4a3489db9820b4c8d5888f4b
parent	e9ea830efb7110af90bb42b975312fc4487eda98 (diff)