[Git][security-tracker-team/security-tracker][master] Fixes for two CVEs included in DLA-1638-1, remove no-dsa tagged entries

Salvatore Bonaccorso Tue, 22 Jan 2019 13:40:27 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
70155bd4 by Salvatore Bonaccorso at 2019-01-22T21:39:21Z
Fixes for two CVEs included in DLA-1638-1, remove no-dsa tagged entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67106,7 +67106,6 @@ CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 
1.7.33 fail to validate t
 CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service ...)
        - libjpeg-turbo <unfixed> (low; bug #902950)
        [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
-       [jessie] - libjpeg-turbo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
 CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and 
TV Live ...)
        NOT-FOR-US: web server on Western Digital TV Media Player and TV Live 
Hub
@@ -140832,7 +140831,6 @@ CVE-2016-3617
        RESERVED
 CVE-2016-3616 (The cjpeg utility in libjpeg allows remote attackers to cause a 
denial ...)
        - libjpeg-turbo 1:1.4.2-1
-       [jessie] - libjpeg-turbo <no-dsa> (Minor issue)
        NOTE: libjpeg-turbo: Fixed by: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91
 (1.4.2)
        - libjpeg6b <unfixed> (unimportant)
        NOTE: unimportant, since cjpeg not installed in binary package in any 
suite having src:libjpeg6b



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70155bd4f76ca2fe6f7a47be5fae2c44d837869b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70155bd4f76ca2fe6f7a47be5fae2c44d837869b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Fixes for two CVEs included in DLA-1638-1, remove no-dsa tagged entries

Reply via email to