Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8dd7fa80 by Thorsten Alteholz at 2018-10-26T12:45:07Z add ansible to dla-needed.txt - - - - - 2499af6d by Thorsten Alteholz at 2018-10-26T12:46:25Z add prayer to dla-needed.txt - - - - - e1915743 by Thorsten Alteholz at 2018-10-26T12:54:51Z add libmspack to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -9,6 +9,8 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues +-- +ansible -- cairo NOTE: 20181024: No fix available yet. @@ -41,6 +43,8 @@ liblivemedia (Hugo Lefeuvre) NOTE: CVE entry says remote: "no", but it looks like a pretty exploitable remote vulnerability NOTE: (remote code execution)... CVE is very well documented so I think this is worth a patch -- +libmspack (Thorsten Alteholz) +-- libspring-java (Abhijith PA) NOTE: 20181025: uses internal system & id to handle security issues, thus very hard chase all relevant commits. Contacted NOTE: 20181025: upstream but they couldn't help either. Only way left is to mark remaining vulnerabilities as no-dsa. @@ -78,6 +82,9 @@ qemu (Santiago) NOTE: 20181026: no fix yet for recent dsa issues, but start working on NOTE: pending no-dsa issues -- +prayer + NOTE: 20181026: more information and patch can be found in bug #911842 +-- salt (Antoine Beaupre) NOTE: 20180921: CVE-2017-7893 is not crucial since the managed system must be NOTE: 20180921: compromised first. But the security escalation effect can cause View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/094f19ca250112bb4ed564e8ba841312d6e03240...e1915743f0aa102d855ca6fcee65233704599777 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/094f19ca250112bb4ed564e8ba841312d6e03240...e1915743f0aa102d855ca6fcee65233704599777 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
