From 60bf99562d2e1203cddc11a15fbad3d733711c9a Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 6 Feb 2021 10:18:37 +0100
Subject: Merge updates acked and included in the Debian buster 10.8 point
 release

For the first time with the help of 'merge-cve-files' as implemented by
Emilio Pozuelo Monfort.

next-point-update.txt: Cleanup list from merged entries
---
 data/CVE/2019.list | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'data/CVE/2019.list')

diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index f7ac573379..e811896ddb 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -3688,7 +3688,7 @@ CVE-2019-19554
 	RESERVED
 CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...)
 	- wireshark 3.0.7-1 (low)
-	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+	[buster] - wireshark 2.6.20-0+deb10u1
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
 	[jessie] - wireshark <postponed> (Can be fixed along in next 1.12.x DLA)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961
@@ -11767,7 +11767,7 @@ CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cs
 	NOT-FOR-US: PicoC
 CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...)
 	- wireshark 3.0.4-1 (low)
-	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+	[buster] - wireshark 2.6.20-0+deb10u1
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
 	[jessie] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-21.html
@@ -16355,7 +16355,7 @@ CVE-2019-14585
 CVE-2019-14584
 	RESERVED
 	- edk2 2020.11-1 (bug #977300)
-	[buster] - edk2 <no-dsa> (Minor issue)
+	[buster] - edk2 0~20181115.85588389-3+deb10u3
 	[stretch] - edk2 <ignored> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
 	NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
@@ -18973,7 +18973,7 @@ CVE-2019-13620
 	RESERVED
 CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the  ...)
 	- wireshark 2.6.10-1 (low)
-	[buster] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
+	[buster] - wireshark 2.6.20-0+deb10u1
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	[jessie] - wireshark <not-affected> (vulnerable code not present, binary encoding not yet supported)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html
@@ -28255,7 +28255,7 @@ CVE-2019-10204
 	RESERVED
 CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
 	- pdns 4.2.0-1 (low; bug #970729)
-	[buster] - pdns <no-dsa> (Minor issue)
+	[buster] - pdns 4.1.6-3+deb10u1
 	[stretch] - pdns <no-dsa> (Minor issue)
 	[jessie] - pdns <no-dsa> (Minor issue)
 	NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update
-- 
cgit v1.2.3