Re: [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-12675, CVE-2020-12691, CVE-2020-12690 and CVE-2020-12689 for stretch LTS.

To: lamby@debian.org, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-12675, CVE-2020-12691, CVE-2020-12690 and CVE-2020-12689 for stretch LTS.
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Tue, 7 Jul 2020 14:22:09 +0200
Message-id: <[🔎] 27f2951a-2174-22a6-4286-a64de30515e0@debian.org>
In-reply-to: <5f045e62a839f_67d82b220f308ef8698433@godard.mail>
References: <5f045e62a839f_67d82b220f308ef8698433@godard.mail>

Hi Chris,

On 07/07/2020 13:37, Chris Lamb wrote:
>  CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
>  	{DSA-4679-1}
>  	- keystone 2:17.0.0~rc2-1 (bug #959900)
> +	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)

While I see keystone in security-support-ended.deb8, I don't see it in
security-support-ended.deb9. If the situation is still the same wrt openstack,
then I think we should add it security-support-ended and announce it.

Maybe we should in fact review all the packages in security-support-ended.deb8
and see if there are any that should also be in deb9.

Cheers,
Emilio

>  	[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
>  	NOTE: https://bugs.launchpad.net/keystone/+bug/1872737
>  	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4
>  CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
>  	{DSA-4679-1}
>  	- keystone 2:17.0.0~rc2-1 (bug #959900)
> +	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)
>  	[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
>  	NOTE: https://bugs.launchpad.net/keystone/+bug/1872733
>  	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
>  CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
>  	{DSA-4679-1}
>  	- keystone 2:17.0.0~rc2-1 (bug #959900)
> +	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)
>  	[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
>  	NOTE: https://bugs.launchpad.net/keystone/+bug/1873290
>  	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6
> @@ -7016,6 +7019,7 @@ CVE-2020-12673
>  CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
>  	{DSA-4679-1}
>  	- keystone 2:17.0.0~rc2-1 (bug #959900)
> +	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)
>  	[jessie] - keystone <end-of-life> (Not supported in Jessie)
>  	NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
>  	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
> 
> 
> 
> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77de6285845fae7503a2f223c6165a61ee36db79
> 
> 
> _______________________________________________
> debian-security-tracker-commits mailing list
> debian-security-tracker-commits@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
>

Reply to:

Follow-Ups:
- Re: [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-12675, CVE-2020-12691, CVE-2020-12690 and CVE-2020-12689 for stretch LTS.
  - From: Holger Levsen <holger@layer-acht.org>
- Re: [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-12675, CVE-2020-12691, CVE-2020-12690 and CVE-2020-12689 for stretch LTS.
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Re: DLA template and user signatures
Next by Date: Re: DLA template and user signatures
Previous by thread: Re: DLA template and user signatures
Next by thread: Re: [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-12675, CVE-2020-12691, CVE-2020-12690 and CVE-2020-12689 for stretch LTS.
Index(es):
- Date
- Thread