Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: ac7d14d6 by Hugo Lefeuvre at 2019-03-18T08:40:42Z add checkstyle to dla-needed - - - - - 14cad5ca by Hugo Lefeuvre at 2019-03-18T08:46:38Z add libjpeg-turbo to dla-needed This is a somewhat older cve. Not sure why we never triaged it. Patch is available so we should either release a dla or triage it no-dsa. - - - - - 20a7f851 by Hugo Lefeuvre at 2019-03-18T08:50:49Z add libmatio to dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -9,6 +9,12 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues +-- +checkstyle + NOTE: CVE-2019-9658: changes appear to involve compatibility breakage, handle with care. + NOTE: CVE-2019-9658: removal of DTDs from http://checkstyle.sourceforge.net and + NOTE: CVE-2019-9658: http://puppycrawl.com/ might affect the validity of our default config + NOTE: CVE-2019-9658: so depending of the impact this might require a jessie update -- cron (Mike Gabriel) -- @@ -38,12 +44,19 @@ kde4libs (Hugo Lefeuvre) libav NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet. -- +libjpeg-turbo + NOTE: CVE-2018-14498: fix available. assert severity and either provide upload or triage no-dsa. +-- liblivemedia (Hugo Lefeuvre) NOTE: 20190226: CVE-2019-773{2,3}: wait for upstream patch - hle NOTE: CVE-2019-9215: at least dos, might be used for remote code execution, NOTE: CVE-2019-9215: prepared a poc and updates for jessie and stretch. NOTE: CVE-2019-9215: waiting for stretch upload before going on with jessie. -- +libmatio + NOTE: fairly high number of open issues. Not sure why we never had a look at them. + NOTE: triage work needed, help security team for fixes if needed. +-- libraw (Thorsten Alteholz) NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too, NOTE: especially those that are still marked vulnerable in Stretch but also View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/15aa1722809647edae1ebe35fcb553363614dafa...20a7f85136f9d9e74f77dc3b15a2fca4e279c713 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/15aa1722809647edae1ebe35fcb553363614dafa...20a7f85136f9d9e74f77dc3b15a2fca4e279c713 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
