Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ba09897 by Thorsten Alteholz at 2019-01-21T15:06:13Z
add openssh
- - - - -
830540c5 by Thorsten Alteholz at 2019-01-21T15:06:14Z
mark CVE-2018-20712 as no-dsa for jessie
- - - - -
1fab3234 by Thorsten Alteholz at 2019-01-21T15:06:14Z
add firmware-nonfree
- - - - -
0574e5b3 by Thorsten Alteholz at 2019-01-21T15:06:16Z
mark CVE-2019-6293 as no-dsa for jessie
- - - - -
07d6ee5a by Thorsten Alteholz at 2019-01-21T15:06:17Z
mark CVE-2019-5010 as postponed for jessie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -530,6 +530,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin before
3.2.4 for WordPress,
CVE-2019-6293 (An issue was discovered in the function
mark_beginning_as_normal in ...)
- flex <unfixed> (low; bug #919428)
[stretch] - flex <no-dsa> (Minor issue)
+ [jessie] - flex <no-dsa> (Minor issue)
NOTE: https://github.com/westes/flex/issues/414
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka
...)
- yaml-cpp <unfixed> (bug #919430)
@@ -580,6 +581,7 @@ CVE-2019-6279
CVE-2018-20712 (A heap-based buffer over-read exists in the function
d_expression_1 in ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
+ [jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
CVE-2018-20711
@@ -3372,6 +3374,7 @@ CVE-2019-5010 [NULL pointer dereference using a specially
crafted X509 certifica
- python3.4 <removed>
- python2.7 <unfixed>
[stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a
future DSA)
+ [jessie] - python2.7 <postponed> (Minor issue, can be fixed along in a
future DSA)
NOTE: https://bugs.python.org/issue35746
NOTE: https://github.com/python/cpython/pull/11569
NOTE:
https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031
(3.7.x)
=====================================
data/dla-needed.txt
=====================================
@@ -27,6 +27,9 @@ exiv2 (Thorsten Alteholz)
faad2
NOTE: 20181214: No known patch yet. Not urgent but would be good to fix.
(opal)
--
+firmware-nonfree
+ NOTE: needed by sponsors
+--
freerdp (Mike Gabriel)
NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I
will ask upstream
@@ -90,6 +93,8 @@ openjpeg2
NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not
sure it's worth it either.
NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
--
+openssh
+--
phpmyadmin (Lucas Kanashiro)
NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by
sunweaver, with frontdesk hat on)
NOTE: 20190116: Please also triage CVE-2018-19969. Thanks.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
