Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e188394 by Ola Lundqvist at 2019-02-05T22:47:30Z
Triage results.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -334,6 +334,7 @@ CVE-2019-7311
        RESERVED
 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an 
integer ...)
        - poppler <unfixed> (bug #921215)
+       [jessie] - poppler <ignored> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
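
Review bot: the reason on the added "[jessie] - poppler <ignored> (Minor issue)" line does not say why a heap-based buffer over-read is minor for jessie. Unstable is still <unfixed> and an upstream merge request is already linked in the NOTE lines, so consider <no-dsa> instead of <ignored> if a backport is still an option, or put the concrete reasoning in the parentheses so a later triager does not have to redo the analysis.
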
@@ -1110,6 +1111,7 @@ CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in 
the GD Graphics Library
        NOTE: Proposed patch: 
https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
 CVE-2019-6976 (libvips before 8.7.4 writes to uninitialized memory locations 
in ...)
        - vips 8.7.4-1
+       [jessie] - vips <ignored> (Minor Issue)
        NOTE: 
https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
 CVE-2019-6975
        RESERVED
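
Review bot: style point on the added "[jessie] - vips <ignored> (Minor Issue)" line: the reason is capitalised as "Minor Issue" here but as "Minor issue" in the poppler entry added by the same commit. Use one spelling so the reason strings stay easy to grep, and as with poppler, a short statement of why writes to uninitialized memory are minor for the jessie version would make the <ignored> decision reviewable.
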
@@ -68796,6 +68798,7 @@ CVE-2018-1340 [Secure flag missing from session cookie]
        RESERVED
        - guacamole-client <unfixed> (bug #920796)
        - guacamole <removed>
+       [jessie] - guacamole-client <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2019/01/24/2
        NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-549
        NOTE: https://github.com/apache/guacamole-client/pull/273
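
Review bot: the added "[jessie] - guacamole-client <not-affected> (Vulnerable code not present)" line sits below "- guacamole <removed>" instead of directly under the "- guacamole-client <unfixed> (bug #920796)" line it qualifies. In the poppler and vips hunks of this commit the [jessie] line follows its package line immediately; move it up one line so it is not read as belonging to guacamole. A NOTE saying what was checked to conclude the code is not present would also help.
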


=====================================
data/dla-needed.txt
=====================================
@@ -62,6 +62,8 @@ ghostscript (Emilio)
 --
 gnutls28
 --
+golang
+--
 imagemagick
   NOTE: 20181227: We should address the many open issues in imagemagick either
   NOTE: by patching them separetely as we did in Wheezy or by updating to a
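
Review bot: the new "golang" entry carries no NOTE saying which CVE or triage decision put it on the list, and the same is true of "liblivemedia" in the next hunk. The phpmyadmin entry added further down names its CVEs; a one-line NOTE with the CVE ids here would let whoever claims the package start from the triage result.
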
@@ -75,6 +77,8 @@ libarchive
 libav (Mike Gabriel)
   NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet.
 --
+liblivemedia
+--
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also
@@ -119,6 +123,11 @@ php5 (Roberto C. Sánchez)
 php-pear
   NOTE: 20190203: CVE-2018-1000888 needed for drupal7. I will look into this 
after libraw. (abhijith)
 --
+phpmyadmin
+  NOTE: CVE-2019-6798: SQL injection is serious but if you have been able to 
login as a crafted user
+  NOTE: CVE-2019-6798: that is a more serious problem. The fix is simple so it 
can still be worth fixing
+  NOTE: CVE-2019-6798: but it is not urgent. Do it together with CVE-2019-6799.
+--
 polarssl
   NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to 
move to latest version, etc. (!). (lamby)
 --
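
Review bot: the three added phpmyadmin NOTE lines have no date or author, while the neighbouring entries use the form "NOTE: 20190203: ... (abhijith)" and "NOTE: 20121207: ... (lamby)". Prefix them with the triage date and add the author tag so the priority assessment ("not urgent", "Do it together with CVE-2019-6799") can be weighed against how old it is. Repeating "CVE-2019-6798:" on each continuation line is also unnecessary once the first line names it.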



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e188394b653829603d15cd6c91df46a8d82a2c9
