[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff Fri, 14 Dec 2018 00:35:17 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
286cfb1b by Moritz Muehlenhoff at 2018-12-14T08:34:28Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2323,9 +2323,11 @@ CVE-2018-19872
        RESERVED
 CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
        RESERVED
-       - qtimageformats-opensource-src <unfixed>
+       - qtimageformats-opensource-src <unfixed> (low)
+       [stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
        [jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
-       - qt4-x11 <unfixed>
+       - qt4-x11 <unfixed> (low)
+       [stretch] - qt4-x11 <no-dsa> (Minor issue)
        [jessie] - qt4-x11 <postponed> (Minor issue)
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/237761/
@@ -2333,8 +2335,10 @@ CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
 CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
        RESERVED
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
-       - qtbase-opensource-src <unfixed>
-       - qt4-x11 <unfixed>
+       - qtbase-opensource-src <unfixed> (low)
+       [stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
+       - qt4-x11 <unfixed> (low)
+       [stretch] - qt4-x11 <no-dsa> (Minor issue)
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/235998/
        NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
@@ -77229,8 +77233,8 @@ CVE-2017-11431
        RESERVED
 CVE-2017-11430
        RESERVED
-       - ruby-omniauth-saml 1.10.0-1 (bug #892864)
-       NOTE: fixed in 1.10.0
+       - ruby-omniauth-saml <not-affected> (The actual vulnerability is in 
ruby-saml, which is used by the Debian package)
+       NOTE: The change in 1.10.0 simply bumps the version requirement
        NOTE: https://github.com/omniauth/omniauth-saml/issues/156
        NOTE: https://github.com/omniauth/omniauth-saml/pull/157
        NOTE: 
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/286cfb1bc87594ec4ccf1c5b18cfdf76b4915d4c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/286cfb1bc87594ec4ccf1c5b18cfdf76b4915d4c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] stretch triage

Reply via email to