[Git][security-tracker-team/security-tracker][master] 2 commits: follow security team with CVE-2018-11489 and CVE-2018-11490

Fri, 27 Jul 2018 06:09:59 -0700 

Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
921021c6 by Thorsten Alteholz at 2018-07-27T15:07:24+02:00
follow security team with CVE-2018-11489 and CVE-2018-11490

- - - - -
9c5b8a53 by Thorsten Alteholz at 2018-07-27T15:07:54+02:00
no CVEs remaining for giflib

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7819,12 +7819,14 @@ CVE-2018-11491 (ASUS HG100 devices with firmware before 
1.05.12 allow unauthenti
 CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB 
(possibly ...)
        - giflib <unfixed> (bug #904114)
        [stretch] - giflib <no-dsa> (Minor issue)
+       [jessie] - giflib <no-dsa> (Minor issue)
        NOTE: https://github.com/pts/sam2p/issues/38
        NOTE: https://sourceforge.net/p/giflib/bugs/113/
        NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from 
giflib.
 CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB 
(possibly ...)
        - giflib <unfixed> (bug #904113)
        [stretch] - giflib <no-dsa> (Minor issue)
+       [jessie] - giflib <no-dsa> (Minor issue)
        NOTE: https://github.com/pts/sam2p/issues/37
        NOTE: https://sourceforge.net/p/giflib/bugs/112/
        NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from 
giflib.


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -33,10 +33,6 @@ firefox-esr (Emilio Pozuelo)
   NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 
goes EOL.
   NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need 
some work.
 --
-giflib (Thorsten Alteholz)
-  NOTE: 20180717: As of today, no possible fix could be found for 
CVE-2018-11489 and
-  NOTE: 20180717: CVE-2018-11490 while triaging these issues.
---
 git-annex
   NOTE: 20180710: See #903037 for more information and a fix for Stretch.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8ffda325f869185c065cd69a805e4bb971866a43...9c5b8a53c0da829828b6d4eeaa2004388c212c37

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8ffda325f869185c065cd69a805e4bb971866a43...9c5b8a53c0da829828b6d4eeaa2004388c212c37
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to