Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 636f8421 by Chris Lamb at 2019-02-06T10:35:14Z data/dla-needed.txt: Drop errant parens. - - - - - 47dce753 by Chris Lamb at 2019-02-06T10:52:23Z data/dla-needed.txt: Correct ordering - - - - - b78664e3 by Chris Lamb at 2019-02-06T10:52:31Z data/dla-needed.txt: Claim golang. - - - - - 3cdc6efc by Chris Lamb at 2019-02-06T10:52:49Z data/dla-needed.txt: Claim dovecot. - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -17,7 +17,7 @@ ceph -- coturn (Emilio) -- -dovecot +dovecot (Chris Lamb) -- drupal7 NOTE: 20190203: For CVE-2019-6339 CVE-2018-1000888 in php-pear need a fix. I have uploaded drupal7 before. @@ -62,7 +62,7 @@ ghostscript (Emilio) -- gnutls28 -- -golang +golang (Chris Lamb) -- imagemagick NOTE: 20181227: We should address the many open issues in imagemagick either @@ -91,7 +91,7 @@ libraw (Abhijith PA) libreoffice -- libsolv - NOTE: 20191027: maintainer is Mike Gabriel) + NOTE: 20191027: maintainer is Mike Gabriel -- libthrift-java (Markus Koschany) -- @@ -118,11 +118,11 @@ openjdk-7 -- openssh (Mike Gabriel) -- -php5 (Roberto C. Sánchez) --- php-pear NOTE: 20190203: CVE-2018-1000888 needed for drupal7. I will look into this after libraw. (abhijith) -- +php5 (Roberto C. Sánchez) +-- phpmyadmin NOTE: CVE-2019-6798: SQL injection is serious but if you have been able to login as a crafted user NOTE: CVE-2019-6798: that is a more serious problem. The fix is simple so it can still be worth fixing 
@@ -131,24 +131,22 @@ phpmyadmin polarssl NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby) -- -python3.4 (Brian May) - NOTE: 20181225: The update should include also the postponed and no-dsa - NOTE: issues which were already fixed by us in Wheezy. (apo) - NOTE: 20190120: Have patched all known vulnerabilies, now testing. --- python-gnupg NOTE: 20190201: Bug can be reproduced on Buster/Sid with Jessie's version of NOTE: python-gnupg. Reproducer will not work in Jessie environment because of NOTE: older python version. (apo) -- +python3.4 (Brian May) + NOTE: 20181225: The update should include also the postponed and no-dsa + NOTE: issues which were already fixed by us in Wheezy. (apo) + NOTE: 20190120: Have patched all known vulnerabilies, now testing. +-- qemu (Hugo Lefeuvre) NOTE: CVE-2018-19665: working on a highly trimmed down version of upstream patch NOTE: CVE-2018-19665: also, current patch will not be merged by upstream, wait for updated version NOTE: CVE-2018-19665: see https://lists.debian.org/debian-lts/2019/01/msg00073.html NOTE: 20190129: working on a second upload addressing latest cves -- -uriparser (Thorsten Alteholz) --- rdesktop (Emilio) -- sox 
@@ -173,6 +171,8 @@ tiff NOTE: CVE-2018-18661: Not possible to prove it fixes the specified vulnerability. NOTE: CVE-2018-18661: See thread starting at https://lists.debian.org/debian-lts/2018/11/msg00033.html -- +uriparser (Thorsten Alteholz) +-- uw-imap (Roberto C. Sánchez) NOTE: 20190128: Still on hold pending response from maintainer, c.f. #914632 (roberto) --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e97028fba9694bed83f697347d9d1a03f0f30410...3cdc6efcbb10ba748db237b9b1e53dc45b664914
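Review bot: In the libsolv hunk (@@ -91,7 +91,7 @@), the NOTE line still carries the stamp 20191027, which is later than the 2019-02-06 commit timestamps on this push, so the date looks mistyped. The line is already being touched to drop the stray parenthesis, so confirm the intended date with the note's author and correct it in the same change. The note also has no author tag, unlike neighbouring entries that end in "(apo)" or "(roberto)"; adding one would make that follow-up easier.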
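Review bot: The ordering rule behind the php5 move in the @@ -118,11 +118,11 @@ hunk is not stated anywhere in the visible lines. Placing php-pear before php5 (and, in the next hunk, python-gnupg before python3.4) only holds under byte-wise comparison, where "-" sorts before digits; a locale-aware sort may order these pairs the other way, so a later editor could move them back. Suggest recording the collation rule in a comment at the top of data/dla-needed.txt, or enforcing it with a check that compares the package names under LC_ALL=C.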
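Review bot: In the @@ -131,24 +131,22 @@ hunk, the re-added python3.4 block keeps the misspelling "vulnerabilies" in its 20190120 NOTE line. Since those lines are rewritten by the move anyway, correct it to "vulnerabilities" so that a text search of the file for that word finds the entry.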
