Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c6605422 by Salvatore Bonaccorso at 2019-02-02T13:25:46Z
Add notes for CVE-2019-6446/python-numpy
The proposed switch will only be in a major bump version, e.g. 1.17.0
and documented in the release notes.
Changing the default in a stable release is not sensible.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2022,6 +2022,10 @@ CVE-2019-6446 (An issue was discovered in NumPy 1.16.0
and earlier. It uses the
NOTE: For upstream this works as intended and is documented. Proposed
NOTE: solution of switching the default might be dangerous for users
who rely on
NOTE: the current behavior.
+ NOTE:
https://github.com/numpy/numpy/commit/a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb
+ NOTE: adds already support to disable use of picke in load/save.
+ NOTE: Proposed fix/partial mitigation via:
+ NOTE: https://github.com/numpy/numpy/pull/12889
CVE-2019-6445 (An issue was discovered in NTPsec before 1.1.3. An
authenticated ...)
- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6444 (An issue was discovered in NTPsec before 1.1.3.
process_control() in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c66054220154522b6af3474695fb57577ac125b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c66054220154522b6af3474695fb57577ac125b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
