[Git][security-tracker-team/security-tracker][master] buster/stretch triage

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12bd3496 by Moritz Muehlenhoff at 2019-07-24T16:35:05Z
buster/stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3515,6 +3515,8 @@ CVE-2019-13116
        RESERVED
 CVE-2019-13115 (In libssh2 before 1.9.0, 
kex_method_diffie_hellman_group_exchange_sha2 ...)
        - libssh2 <unfixed> (bug #932329)
+       [buster] - libssh2 <no-dsa> (Minor issue)
+       [stretch] - libssh2 <no-dsa> (Minor issue)
        NOTE: https://blog.semmle.com/libssh2-integer-overflow/
        NOTE: https://github.com/libssh2/libssh2/pull/350
 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server 
to cause ...)
@@ -11989,15 +11991,18 @@ CVE-2019-1010304 (Saleor Issue was introduced by 
merge commit: e1b01bad0703afd08
 CVE-2019-1010303
        RESERVED
 CVE-2019-1010302 (jhead 3.03 is affected by: Incorrect Access Control. The 
impact is: De ...)
-       - jhead <unfixed> (bug #932146)
+       - jhead <unfixed> (unimportant; bug #932146)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679978
+       NOTE: No security impact, crash in CLI tool
 CVE-2019-1010301 (jhead 3.03 is affected by: Buffer Overflow. The impact is: 
Denial of s ...)
-       - jhead <unfixed> (bug #932145)
+       - jhead <unfixed> (unimportant; bug #932145)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679952
+       NOTE: No security impact, crash in CLI tool
 CVE-2019-1010300 (mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: 
Buffer Ove ...)
        NOT-FOR-US: libIEC61850
 CVE-2019-1010299 (The Rust Programming Language Standard Library 1.18.0 and 
later is aff ...)
        - rustc 1.30.0+dfsg1-1
+       [stretch] - rustc <ignored> (Minor issue)
        NOTE: https://github.com/rust-lang/rust/issues/53566
        NOTE: 
https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d
 CVE-2019-1010298 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: 
Buffer Overflow ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -66,6 +66,10 @@ smarty3/oldstable
 --
 sox/oldstable (jmm)
 --
+squid3/oldstable
+--
+squid/stable
+--
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but 
update needs further testing before release.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/12bd34967d7ec5af4c01141de7fa97ea4f6c4326

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/12bd34967d7ec5af4c01141de7fa97ea4f6c4326
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits