Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4936279e by Salvatore Bonaccorso at 2018-04-27T10:35:36+02:00 Reserve DSA for roundcube update - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -8141,6 +8141,7 @@ CVE-2018-1000072 (iRedMail version prior to commit f04b8ef contains a Insecure . NOT-FOR-US: iRedMail CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permissions ...) - roundcube <unfixed> (unimportant; bug #897014) + [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2 NOTE: https://github.com/roundcube/roundcubemail/issues/6173 NOTE: https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5 NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt ===================================== data/DSA/list ===================================== --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[27 Apr 2018] DSA-4181-1 roundcube - security update + {CVE-2018-9846} + [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2 [25 Apr 2018] DSA-4180-1 drupal7 - security update {CVE-2018-7602} [jessie] - drupal7 7.32-1+deb8u12 ===================================== data/dsa-needed.txt ===================================== --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -88,10 +88,6 @@ ruby2.3/stable Santiago will prepare an update work-in-progress: https://salsa.debian.org/ruby-team/ruby/tree/stretch-security-wip -- -roundcube (carnil) - Guilhem Moulin proposed an update in https://bugs.debian.org/895184, needs review and ack - Update should include as well the no-dsa tagged fix for CVE-2018-1000071 --- sdl-image1.2 Felix Geyer (debfx) working on updates -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4936279e43dbc1a36c8799ccc6e74247c7d1bd5d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4936279e43dbc1a36c8799ccc6e74247c7d1bd5d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits