Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3ba09897 by Thorsten Alteholz at 2019-01-21T15:06:13Z add openssh - - - - - 830540c5 by Thorsten Alteholz at 2019-01-21T15:06:14Z mark CVE-2018-20712 as no-dsa for jessie - - - - - 1fab3234 by Thorsten Alteholz at 2019-01-21T15:06:14Z add firmware-nonfree - - - - - 0574e5b3 by Thorsten Alteholz at 2019-01-21T15:06:16Z mark CVE-2019-6293 as no-dsa for jessie - - - - - 07d6ee5a by Thorsten Alteholz at 2019-01-21T15:06:17Z mark CVE-2019-5010 as postponed for jessie - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -530,6 +530,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin before 3.2.4 for WordPress, CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...) - flex <unfixed> (low; bug #919428) [stretch] - flex <no-dsa> (Minor issue) + [jessie] - flex <no-dsa> (Minor issue) NOTE: https://github.com/westes/flex/issues/414 CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...) - yaml-cpp <unfixed> (bug #919430) @@ -580,6 +581,7 @@ CVE-2019-6279 CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...) - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043 CVE-2018-20711 
@@ -3372,6 +3374,7 @@ CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certifica - python3.4 <removed> - python2.7 <unfixed> [stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA) + [jessie] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA) NOTE: https://bugs.python.org/issue35746 NOTE: https://github.com/python/cpython/pull/11569 NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x) ===================================== data/dla-needed.txt ===================================== @@ -27,6 +27,9 @@ exiv2 (Thorsten Alteholz) faad2 NOTE: 20181214: No known patch yet. Not urgent but would be good to fix. (opal) -- +firmware-nonfree + NOTE: needed by sponsors +-- freerdp (Mike Gabriel) NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten) NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I will ask upstream @@ -90,6 +93,8 @@ openjpeg2 NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not sure it's worth it either. NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle) -- +openssh +-- phpmyadmin (Lucas Kanashiro) NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by sunweaver, with frontdesk hat on) NOTE: 20190116: Please also triage CVE-2018-19969. Thanks. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9
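Review bot: the added "[jessie] - binutils <ignored> (Minor issue)" line in the CVE-2018-20712 hunk of data/CVE/list does not match the subject of commit 830540c5, which says the CVE is marked no-dsa for jessie. The tag mirrors the stretch line directly above it, so if "<ignored>" is what was meant, the commit subject should say "ignored"; if plain no-dsa was intended, the line should use "<no-dsa>" instead.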
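Review bot: the CVE-2019-5010 hunk adds a jessie line under python2.7 only, while the "- python3.4 <removed>" line directly above it has no release-specific line in the visible context. If jessie still carries python3.4, that package needs its own "[jessie] - python3.4 ..." triage line, otherwise this CVE stays untriaged for it in that release.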
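Review bot: the "NOTE: needed by sponsors" line added under firmware-nonfree in the first data/dla-needed.txt hunk has no date prefix and names no CVE, unlike the neighbouring entries (for example "NOTE: 20181214: ..." under faad2). Adding the date and the CVE ids the upload is meant to cover would tell whoever claims the package what the scope is.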
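Review bot: the openssh entry in the second data/dla-needed.txt hunk is added with no NOTE and no claimant, so nothing in the file records which issues prompted it. A dated NOTE listing the CVE ids, in the style of the phpmyadmin entry just below it, would make the entry actionable for the next person who picks it up.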