Re: [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-12675, CVE-2020-12691, CVE-2020-12690 and CVE-2020-12689 for stretch LTS.

Tue, 07 Jul 2020 05:22:39 -0700 

Hi Chris,

On 07/07/2020 13:37, Chris Lamb wrote:
>  CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, 
> and 16.0. ...)
>       {DSA-4679-1}
>       - keystone 2:17.0.0~rc2-1 (bug #959900)
> +     [stretch] - keystone <end-of-life> (Not supported in stretch LTS)

While I see keystone in security-support-ended.deb8, I don't see it in
security-support-ended.deb9. If the situation is still the same wrt openstack,
then I think we should add it security-support-ended and announce it.

Maybe we should in fact review all the packages in security-support-ended.deb8
and see if there are any that should also be in deb9.

Cheers,
Emilio

>       [jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
>       NOTE: https://bugs.launchpad.net/keystone/+bug/1872737
>       NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4
>  CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, 
> and 16.0. ...)
>       {DSA-4679-1}
>       - keystone 2:17.0.0~rc2-1 (bug #959900)
> +     [stretch] - keystone <end-of-life> (Not supported in stretch LTS)
>       [jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
>       NOTE: https://bugs.launchpad.net/keystone/+bug/1872733
>       NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
>  CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, 
> and 16.0. ...)
>       {DSA-4679-1}
>       - keystone 2:17.0.0~rc2-1 (bug #959900)
> +     [stretch] - keystone <end-of-life> (Not supported in stretch LTS)
>       [jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
>       NOTE: https://bugs.launchpad.net/keystone/+bug/1873290
>       NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6
> @@ -7016,6 +7019,7 @@ CVE-2020-12673
>  CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, 
> and 16.0. ...)
>       {DSA-4679-1}
>       - keystone 2:17.0.0~rc2-1 (bug #959900)
> +     [stretch] - keystone <end-of-life> (Not supported in stretch LTS)
>       [jessie] - keystone <end-of-life> (Not supported in Jessie)
>       NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
>       NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
> 
> 
> 
> View it on GitLab: 
> https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77de6285845fae7503a2f223c6165a61ee36db79
> 
> 
> _______________________________________________
> debian-security-tracker-commits mailing list
> debian-security-tracker-comm...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
>

Reply via email to