[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-19869/qtsvg-opensource-src no-dsa on jessie

Thu, 13 Dec 2018 02:57:49 -0800 

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a453a9ad by Emilio Pozuelo Monfort at 2018-12-13T10:56:41Z
CVE-2018-19869/qtsvg-opensource-src no-dsa on jessie

- - - - -
1720a0c8 by Emilio Pozuelo Monfort at 2018-12-13T10:56:42Z
CVE-2018-19871 affects qt4-x11 too

- - - - -
1323e517 by Emilio Pozuelo Monfort at 2018-12-13T10:56:43Z
CVE-2018-19871 postponed in jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2269,9 +2269,12 @@ CVE-2018-19872
 CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
        RESERVED
        - qtimageformats-opensource-src <unfixed>
+       [jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
+       - qt4-x11 <unfixed>
+       [jessie] - qt4-x11 <postponed> (Minor issue)
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/237761/
-       TODO: check for completeness, possibly as well qt4-x11
+       NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
 CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
        RESERVED
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
@@ -2283,6 +2286,7 @@ CVE-2018-19869 [Fix crash when parsing malformed url 
reference]
        RESERVED
        - qtsvg-opensource-src <unfixed> (low)
        [stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
+       [jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/234142/
        TODO: check for completeness, possibly as well qt4-x11


=====================================
data/dla-needed.txt
=====================================
@@ -110,9 +110,6 @@ policykit-1 (Santiago)
 --
 qemu
 --
-qtsvg-opensource-src
-  NOTE: 20181210: Needs more investigation around related packages/upstream 
etc. (lamby)
---
 samba (Emilio Pozuelo)
   NOTE: 20181203: regression in upstream fix, waiting for confirmed regression 
fix
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f4d34a425014997c470de99b8b56b30c47c893fc...1323e517fa4b719257b1d55aaed2d34fc34295cf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f4d34a425014997c470de99b8b56b30c47c893fc...1323e517fa4b719257b1d55aaed2d34fc34295cf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to