From 8648affbd980e753a09cb82026634d2c33a3a032 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Tue, 29 Sep 2020 17:27:22 +0300 Subject: Reserve DLA-2388-1 for nss --- data/CVE/list | 2 -- data/DLA/list | 3 +++ data/dla-needed.txt | 4 ---- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 1da9ac8b9c..747fb81c56 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -86845,7 +86845,6 @@ CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentat [stretch] - thunderbird 1:60.8.0-1~deb9u1 - nss 2:3.45-1 [buster] - nss 2:3.42.1-1+deb10u1 - [stretch] - nss (Minor issue) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729 @@ -86898,7 +86897,6 @@ CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with lea [stretch] - thunderbird 1:60.8.0-1~deb9u1 - nss 2:3.45-1 [buster] - nss 2:3.42.1-1+deb10u1 - [stretch] - nss (Minor issue) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719 diff --git a/data/DLA/list b/data/DLA/list index 17bd78dc87..ebe8e1584b 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[29 Sep 2020] DLA-2388-1 nss - security update + {CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-11729 CVE-2019-11745 CVE-2019-17006 CVE-2019-17007 CVE-2020-6829 CVE-2020-12399 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403} + [stretch] - nss 2:3.26.2-1.1+deb9u2 [28 Sep 2020] DLA-2387-1 firefox-esr - security update {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678} [stretch] - firefox-esr 78.3.0esr-1~deb9u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 8610c0705b..0d1596dd67 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -100,10 +100,6 @@ mumble NOTE: 20200504: discussion going on with team@security.debian.org and mumble maintainer (abhijith) NOTE: 20200723: https://lists.debian.org/debian-lts/2020/05/msg00008.html (abhijith) -- -nss (Adrian Bunk) - NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc) - NOTE: 20200928: testing fixed package (bunk) --- open-build-service (Utkarsh Gupta) NOTE: 20200928: in touch with upstream - still figuring out the best way to backport. (utkarsh) -- -- cgit v1.2.3