author | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-31 19:55:20 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-31 19:55:46 +0200 |
commit | f767f3cf687ab6101098c8528b212dac7be54c49 | |
tree | 629b2805223f426abd5074dd254ef5f0429e8e81 | |
parent | 5d9f73bf98bc812a0d313a04b146f83316b98115 | |
buster triage
-rw-r--r-- | data/CVE/2015.list | 1 |
-rw-r--r-- | data/CVE/2020.list | 5 |
-rw-r--r-- | data/dsa-needed.txt | 2 |
3 files changed, 8 insertions, 0 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 00a5e2c97f..4e4781d964 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -560,6 +560,7 @@ CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ U NOT-FOR-US: esoTalk CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...) - ruby-omniauth <unfixed> + [buster] - ruby-omniauth <no-dsa> (Minor issue) [stretch] - ruby-omniauth <no-dsa> (Minor issue) [jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps) NOTE: https://github.com/omniauth/omniauth/pull/809 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 3265283b69..f6b177574b 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -342,6 +342,7 @@ CVE-2020-24862 RESERVED CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...) - rust-rgb <unfixed> (bug #969213) + [buster] - rust-rgb <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html NOTE: https://github.com/kornelski/rust-rgb/issues/35 CVE-2020-24861 @@ -15161,6 +15162,7 @@ CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution vi NOT-FOR-US: vBulletin CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...) - python-django-celery-results <unfixed> (bug #968305) + [buster] - python-django-celery-results <no-dsa> (Minor issue) NOTE: https://github.com/celery/django-celery-results/issues/142 CVE-2020-17494 RESERVED @@ -19904,6 +19906,7 @@ CVE-2020-15357 RESERVED CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...) - sqlite3 3.32.3-1 + [buster] - sqlite3 <no-dsa> (Minor issue) [stretch] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0) [jessie] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0) NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5 
@@ -26994,6 +26997,7 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be CVE-2020-12403 RESERVED - nss 2:3.55-1 + [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38 NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 @@ -37332,6 +37336,7 @@ CVE-2020-8160 RESERVED CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) - ruby-actionpack-page-caching 1.2.2-1 (bug #960680) + [buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 CVE-2020-8158 RESERVED diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 20d1cbbb44..b9b2de65ab 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -22,6 +22,8 @@ knot-resolver linux (carnil) Wait until more issues have piled up -- +qemu +-- rails (jmm) Sylvain Beucler proposed to help for the update, remaining CVEs to be done -- |
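Review bot: in the data/CVE/2015.list hunk, the new [buster] line for CVE-2015-9284 gives only "(Minor issue)", while the [jessie] line two below records the concrete reason, "(Fix is in additional gem and needs CSRF protection in apps)". With ruby-omniauth still marked <unfixed>, consider carrying that reason onto the buster line so the no-dsa decision explains itself when the entry is revisited.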
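Review bot: in the data/CVE/2020.list hunk at @@ -26994, CVE-2020-12403 is still RESERVED, so the entry carries no description and the added `[buster] - nss <no-dsa> (Minor issue)` is the only statement about severity on record. A more specific reason in the parentheses, or a NOTE summarising what the two linked nss revisions change, would let a later reader confirm the triage without opening the Bugzilla entry.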
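Review bot: in the data/dsa-needed.txt hunk, the added `qemu` entry has no claimant and no note, unlike the neighbouring `linux (carnil)` and `rails (jmm)` entries, and no qemu CVE entry is touched elsewhere in this commit. Consider adding a line under it naming the issues that prompted the DSA, so whoever picks it up knows the scope.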