Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9e188394 by Ola Lundqvist at 2019-02-05T22:47:30Z Triage results. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -334,6 +334,7 @@ CVE-2019-7311 RESERVED CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer ...) - poppler <unfixed> (bug #921215) + [jessie] - poppler <ignored> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797 NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717 NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172 @@ -1110,6 +1111,7 @@ CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library NOTE: Proposed patch: https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced CVE-2019-6976 (libvips before 8.7.4 writes to uninitialized memory locations in ...) - vips 8.7.4-1 + [jessie] - vips <ignored> (Minor Issue) NOTE: https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a CVE-2019-6975 RESERVED @@ -68796,6 +68798,7 @@ CVE-2018-1340 [Secure flag missing from session cookie] RESERVED - guacamole-client <unfixed> (bug #920796) - guacamole <removed> + [jessie] - guacamole-client <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2019/01/24/2 NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-549 NOTE: https://github.com/apache/guacamole-client/pull/273 ===================================== data/dla-needed.txt ===================================== @@ -62,6 +62,8 @@ ghostscript (Emilio) -- gnutls28 -- +golang +-- imagemagick NOTE: 20181227: We should address the many open issues in imagemagick either NOTE: by patching them separetely as we did in Wheezy or by updating to a 
@@ -75,6 +77,8 @@ libarchive libav (Mike Gabriel) NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet. -- +liblivemedia +-- libraw (Abhijith PA) NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too, NOTE: especially those that are still marked vulnerable in Stretch but also @@ -119,6 +123,11 @@ php5 (Roberto C. Sánchez) php-pear NOTE: 20190203: CVE-2018-1000888 needed for drupal7. I will look into this after libraw. (abhijith) -- +phpmyadmin + NOTE: CVE-2019-6798: SQL injection is serious but if you have been able to login as a crafted user + NOTE: CVE-2019-6798: that is a more serious problem. The fix is simple so it can still be worth fixing + NOTE: CVE-2019-6798: but it is not urgent. Do it together with CVE-2019-6799. +-- polarssl NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e188394b653829603d15cd6c91df46a8d82a2c9
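Review bot: in the data/CVE/list hunk for CVE-2019-7310, the added `[jessie] - poppler <ignored> (Minor issue)` line does not say why a heap-based buffer over-read is minor for jessie. The package is still `<unfixed>` in unstable with bug #921215 open, so a short reason inside the parentheses or in an extra NOTE line would let the next triager check whether the decision still holds.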
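Review bot: in the data/CVE/list hunk for CVE-2019-6976, the added vips line spells the reason `(Minor Issue)` while the poppler line added in the same commit uses `(Minor issue)`. Pick one spelling so a search over the file matches both, and since the description is a write to uninitialized memory locations, say briefly what makes it minor for jessie.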
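Review bot: in the data/dla-needed.txt hunks that add `golang` and `liblivemedia`, both entries are bare package names with no NOTE line. Neighbouring entries carry dated notes, so a line naming the CVE or CVEs that prompted each addition would save whoever claims the package from having to rediscover why it is on the list.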
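Review bot: in the data/dla-needed.txt hunk that adds `phpmyadmin`, the three NOTE lines start with `CVE-2019-6798:` and carry neither a date nor an author, unlike the surrounding notes such as `NOTE: 20190203: ... (abhijith)`. Prefix them with the triage date and add the triager's name at the end. The closing instruction to handle CVE-2019-6799 at the same time would also benefit from a line saying what that issue is, since nothing else in the entry describes it.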