[Git][security-tracker-team/security-tracker][master] 4 commits: new CVE for patch

Thorsten Alteholz Mon, 22 Jul 2019 04:08:55 -0700


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
34983754 by Thorsten Alteholz at 2019-07-22T10:51:07Z
new CVE for patch

- - - - -
cb44e616 by Thorsten Alteholz at 2019-07-22T10:51:59Z
mark CVE-2019-1010060 as no-dsa for Jessie

- - - - -
12510a5b by Thorsten Alteholz at 2019-07-22T10:57:24Z
mark CVE-2019-13117 for Jessie as no-dsa

- - - - -
5d8dab73 by Thorsten Alteholz at 2019-07-22T10:57:54Z
mark CVE-2019-13118 for Jessie as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3433,6 +3433,7 @@ CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type 
holding grouping characte
        - libxslt <unfixed> (low; bug #931320)
        [buster] - libxslt <no-dsa> (Minor issue)
        [stretch] - libxslt <no-dsa> (Minor issue)
+       [jessie] - libxslt <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
        NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
@@ -3440,6 +3441,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an 
xsl:number with certain forma
        - libxslt <unfixed> (low; bug #931321)
        [buster] - libxslt <no-dsa> (Minor issue)
        [stretch] - libxslt <no-dsa> (Minor issue)
+       [jessie] - libxslt <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
        NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
@@ -12455,6 +12457,7 @@ CVE-2019-1010061
 CVE-2019-1010060 (NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. 
The impact ...)
        - cfitsio 3.430-1 (low; bug #892458)
        [stretch] - cfitsio <no-dsa> (Minor issue)
+       [jessie] - cfitsio <no-dsa> (Minor issue)
        NOTE: The issue is specifically to other issues not covered by 
CVE-2018-3846,
        NOTE: CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849 but fixed in 
3.43. One
        NOTE: example is ftp_status in drvrnet.c mishandling a long string 
beginning


=====================================
data/dla-needed.txt
=====================================
@@ -89,6 +89,8 @@ openjdk-7 (Markus Koschany)
 --
 otrs2 (Abhijith PA)
 --
+patch (Thorsten Alteholz)
+--
 php5
 --
 pound (Hugo Lefeuvre)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5baaad020b47fd3ef12af2a452e4714447d3ea4d...5d8dab73ffccc7d12e2fc77e6f8db07aeb57035a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5baaad020b47fd3ef12af2a452e4714447d3ea4d...5d8dab73ffccc7d12e2fc77e6f8db07aeb57035a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 4 commits: new CVE for patch

Reply via email to