Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b4aedae by Ola Lundqvist at 2018-12-13T20:39:44Z
Triage results.

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -178,6 +178,7 @@ CVE-2018-20061 (A SQL injection issue was discovered in 
ERPNext 10.x and 11.x th
 CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization 
HTTP ...)
        - python-urllib3 1.24-1
        [stretch] - python-urllib3 <no-dsa> (Minor issue)
+       [jessie] - python-urllib3 <ignored> (Minor issue)
        NOTE: https://github.com/urllib3/urllib3/issues/1316
        NOTE: https://github.com/urllib3/urllib3/pull/1346
        NOTE: 
https://github.com/urllib3/urllib3/commit/3d7f98b07b6e6e04c2e89cdf5afb18024a2d804c
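Review bot: the added [jessie] line uses <ignored> while the [stretch] line directly above it uses <no-dsa> with the identical reason "Minor issue", so the entry does not explain why jessie is treated as won't-fix rather than simply not warranting an advisory. The NOTE lines reference an upstream issue, pull request and commit, so either use <no-dsa> to match stretch or replace "Minor issue" with the actual reason the fix will not be carried to jessie.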
@@ -2576,6 +2577,8 @@ CVE-2018-19778
        RESERVED
 CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the 
function ...)
        - mupdf <unfixed> (bug #915137)
+       [stretch] - mupdf <ignored> (Minor issue)
+       [jessie] - mupdf <ignored> (Minor issue)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700301
 CVE-2018-19776
        RESERVED
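Review bot: both added mupdf lines set <ignored> with only "Minor issue" as the reason, although the unstable line above still reads <unfixed> (bug #915137) and the description is an infinite loop in MuPDF 1.14.0. Because <ignored> records a won't-fix decision, the reason should say what makes this not worth fixing in stretch and jessie, or the lines should use <postponed> (as the faad2 entry in this commit does) so the issue is revisited once the bug is resolved.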
@@ -5895,6 +5898,7 @@ CVE-2018-19505
        RESERVED
 CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 
(FAAD2) ...)
        - faad2 <unfixed> (bug #914641)
+       [jessie] - faad2 <postponed> (Minor issue)
        NOTE: https://sourceforge.net/p/faac/bugs/240/
 CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 
(FAAD2) ...)
        - faad2 <unfixed> (bug #914641)
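Review bot: the <postponed> line is added under CVE-2018-19504 only, while CVE-2018-19503 in the trailing context is the same package with the same <unfixed> (bug #914641) status. If the jessie triage applies to both, CVE-2018-19503 needs a matching [jessie] line; the part of its entry visible in this hunk does not show one.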
@@ -42992,10 +42996,14 @@ CVE-2018-5810 (An error within the 
&quot;rollei_load_raw()&quot; function ...)
        NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
 CVE-2018-5809 (An error within the &quot;LibRaw::parse_exif()&quot; function 
...)
        - libraw 0.18.11-1
+       [stretch] - libraw <ignored> (Minor issue)
+       [jessie] - libraw <ignored> (Minor issue)
        NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
 CVE-2018-5808 (An error within the &quot;find_green()&quot; function ...)
        - libraw 0.18.11-1
+       [stretch] - libraw <ignored> (Minor issue)
+       [jessie] - libraw <ignored> (Minor issue)
        NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
 CVE-2018-5807 (An error within the &quot;samsung_load_raw()&quot; function ...)
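Review bot: the four added libraw lines mark stretch and jessie <ignored> for CVE-2018-5809 and CVE-2018-5808 even though both entries list a fixed version (0.18.11-1) and a NOTE pointing at an upstream LibRaw commit, so an upstream patch is available. "Minor issue" alone does not explain a won't-fix decision here; consider <no-dsa> or <postponed>, or put the concrete reason for not backporting in the parentheses.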


=====================================
data/dla-needed.txt
=====================================
@@ -19,6 +19,9 @@ enigmail
 exiv2 (Thorsten Alteholz)
   NOTE: 20181202: also recheck other CVEs (Thorsten)
 --
+faad2
+  NOTE: 20181214: No known patch yet. Not urgent but would be good to fix.
+--
 freerdp (Mike Gabriel)
   NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
   NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I 
will ask upstream
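Review bot: the NOTE on the new faad2 entry is dated 20181214, but the commit is timestamped 2018-12-13T20:39:44Z, so the note is a day ahead of the change. The entry is also added to dla-needed.txt while the same commit marks faad2 <postponed> for jessie in data/CVE/list, and "Not urgent but would be good to fix" leaves it unclear whether the package should be claimed now; naming CVE-2018-19504 or bug #914641 in the NOTE would make the intent explicit.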
@@ -37,6 +40,8 @@ freerdp (Mike Gabriel)
 --
 ghostscript (Lucas Kanashiro)
 --
+gnutls28
+--
 jasper
 --
 libapache-mod-jk (Roberto C. Sánchez)
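Review bot: gnutls28 is added with no NOTE line, and none of the data/CVE/list hunks in this commit touch a gnutls28 entry, so the reason for the addition cannot be found from the change itself. Add a dated NOTE naming the CVE, in the style of the faad2 entry added earlier in this file.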
@@ -86,6 +91,8 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
+nettle
+--
 nss
   NOTE: 20181212: Bug report not public but it is likely that the package is 
vulnerable. Maintainer not contacted
   NOTE: 20181212: yet. Further investigation needed.
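Review bot: the nettle entry is added bare, unlike the neighbouring nss entry, which carries dated NOTE lines explaining its state. A one-line dated NOTE with the CVE id would tell whoever claims the package what needs fixing.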


=====================================
data/dsa-needed.txt
=====================================
@@ -23,6 +23,8 @@ ghostscript
 --
 glusterfs
 --
+gnutls28
+--
 libapache-mod-jk
   Maintainer proposing an update (and backportig the buster version)
 --
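Review bot: gnutls28 is added to dsa-needed.txt with no explanatory line, whereas libapache-mod-jk directly below records its status. Since this commit also adds gnutls28 to dla-needed.txt, a short line stating the CVE and whether the fix is being coordinated for both lists would avoid duplicate work.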



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b4aedae40849afa22ba09826506b3a52ec71c0a
