[Git][security-tracker-team/security-tracker][master] Triage results.

Ola Lundqvist Sun, 16 Dec 2018 03:05:08 -0800

Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
fcba4d14 by Ola Lundqvist at 2018-12-16T11:04:36Z
Triage results.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4362,7 +4362,9 @@ CVE-2018-19873 [QBmpHandler segfault on malformed BMP 
file]
        RESERVED
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
        - qtbase-opensource-src <unfixed>
+       [jessie] - qtbase-opensource-src <ignored> (Minor issue)
        - qt4-x11 <unfixed>
+       [jessie] - qt4-x11 <ignored> (Minor issue)
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/238749/
 CVE-2018-19872
@@ -4383,8 +4385,10 @@ CVE-2018-19870 [Check for QImage allocation failure in 
qgifhandler]
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
        - qtbase-opensource-src <unfixed> (low)
        [stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
+       [jessie] - qtbase-opensource-src <ignored> (Minor issue)
        - qt4-x11 <unfixed> (low)
        [stretch] - qt4-x11 <no-dsa> (Minor issue)
+       [jessie] - qt4-x11 <ignored> (Minor issue)
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/235998/
        NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in


=====================================
data/dla-needed.txt
=====================================
@@ -142,5 +142,10 @@ uw-imap (Roberto C. Sánchez)
 --
 wireshark (Thorsten Alteholz)
 --
+wordpress
+  NOTE: 2018-12-16: Triaging was made without source code check so it could be 
so that some of the issues are not present in 4.1. (Ola)
+  NOTE: CVE-2018-20149: Less serious than the others for this package but 
should still be worth fixing.
+  NOTE: CVE-2018-20150: Less serious than the others for this package but 
should still be worth fixing.
+--
 xen
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fcba4d14a7615d36cc5b6fbe6c83d78836078ea5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fcba4d14a7615d36cc5b6fbe6c83d78836078ea5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Triage results.

Reply via email to