summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2020-07-09 12:40:10 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2020-07-09 12:40:10 +0200
commit34236da5867e183f794c20bdfce94ffcec58eb49 (patch)
tree4a0b75c8ff61584623b75ffcf8c21fd264171c29
parentf9792ee0313a84b792576f88aa01dfa2306875a5 (diff)
Remove no-dsa tagged entry, got at same time a DLA
Still the best solution is not only to cherry-pick the commit as fwupd is not functional in this version but needs a rebase to the 0.8.x series.
-rw-r--r--data/CVE/2020.list1
-rw-r--r--data/next-oldstable-point-update.txt2
2 files changed, 0 insertions, 3 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 56cbb7585e..f50228a935 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -11506,7 +11506,6 @@ CVE-2020-10759 [Possible bypass in signature verification]
RESERVED
- fwupd 1.3.10-1 (bug #962517)
[buster] - fwupd <no-dsa> (Will be fixed via point release)
- [stretch] - fwupd <no-dsa> (Will be fixed via point release)
- libjcat 0.1.3-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316
NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt
index 9b26bdd1c8..c4d23fbff1 100644
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -169,5 +169,3 @@ CVE-2020-0009
[stretch] - linux 4.9.228-1
CVE-2020-15562
[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u6
-CVE-2020-10759
- [stretch] - fwupd 0.8.3-1

© 2014-2024 Faster IT GmbH | imprint | privacy policy