Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a91e6df6 by Moritz Muehlenhoff at 2019-07-25T20:42:27Z
buster/stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1346,7 +1346,9 @@ CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to
2.6.9, and 2.4.0 to 2.4.15
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9
CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a
heap-bas ...)
- - gpac <unfixed> (bug #932242)
+ - gpac <unfixed> (low; bug #932242)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1250
NOTE:
https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer
over-read in ...)
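Review bot: The two added gpac lines ("[buster] - gpac <no-dsa> (Minor issue)" and its [stretch] twin) record no follow-up, although the NOTE directly below already links an upstream fix commit (c23d54ed...). If the fix is expected to reach buster and stretch through a point update, say so in the reason text; otherwise state why the issue in isomedia/isom_read.c is considered minor, so the decision can be checked later without re-reading the upstream issue.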
@@ -2589,6 +2591,7 @@ CVE-2019-13510
RESERVED
CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE
before 17.06. ...)
- docker.io <unfixed> (bug #932673)
+ [buster] - docker.io <no-dsa> (Minor issue)
CVE-2019-13508
RESERVED
CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
...)
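Review bot: The unstable line "- docker.io <unfixed> (bug #932673)" is left without an urgency while buster is tagged "<no-dsa> (Minor issue)"; the gpac and zipios++ entries in this same commit get "low" on their unfixed line alongside the no-dsa tags. Either add "low" here as well, or, if the omission is deliberate, make the buster reason specific enough to explain why the issue is minor there but unrated for unstable.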
@@ -2725,7 +2728,9 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division
by Zero in RemoveDuplic
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed
zip arc ...)
- - zipios++ <unfixed> (bug #932556)
+ - zipios++ <unfixed> (low; bug #932556)
+ [buster] - zipios++ <no-dsa> (Minor issue)
+ [stretch] - zipios++ <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
NOTE: Patch:
https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
CVE-2019-13452
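Review bot: The reason "(Minor issue)" on the new [buster] and [stretch] zipios++ lines is generic, while the context already points at something more concrete: the description mentions malformed zip archives and the linked patch is named infinite_loop.patch. If the impact is the hang that the patch name suggests, put that in the reason text instead, so the no-dsa decision documents what was actually assessed.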
@@ -5293,10 +5298,12 @@ CVE-2018-20840 (An unhandled exception vulnerability
exists during Google Sign-I
NOT-FOR-US: Google Sign-In
CVE-2019-12499 (Firejail before 0.9.60 allows truncation (resizing to length
0) of the ...)
- firejail 0.9.58.2-2 (bug #929733)
+ [stretch] - firejail <no-dsa> (Minor issue)
NOTE: https://github.com/netblue30/firejail/issues/2401
NOTE:
https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside
the jai ...)
- firejail 0.9.58.2-2 (bug #929732)
+ [stretch] - firejail <no-dsa> (Minor issue)
NOTE: https://github.com/netblue30/firejail/issues/2718
NOTE:
https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case
in _ctl ...)
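Review bot: For CVE-2019-12589 the added "[stretch] - firejail <no-dsa> (Minor issue)" reuses the generic reason given for CVE-2019-12499, but the description says seccomp filters are writable inside the jail, which touches the confinement firejail exists to provide. State why this is minor for the stretch version, or note that the upstream commit eecf35c2..., which both entries link, is a candidate for a point update.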
@@ -12247,7 +12254,8 @@ CVE-2019-1010230
CVE-2019-1010229
RESERVED
CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer
Overflow. The im ...)
- - dcmtk 3.6.4-1
+ - dcmtk 3.6.4-1 (low)
+ [stretch] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/858
NOTE: https://github.com/commontk/DCMTK/commit/40917614e
CVE-2019-1010227
=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,8 @@ If needed, specify the release by adding a slash after the
name of the source pa
--
chromium
--
+evince/oldstable
+--
faad2
not yet fixed upstream
--
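Review bot: The new "evince/oldstable" entry has no status line under it, unlike the neighbouring faad2 entry with "not yet fixed upstream", and neither this hunk nor the commit message "buster/stretch triage" names the CVE that put evince on the list. Add a note line with the CVE id or the state of the upstream fix so that whoever picks up the DSA knows what is pending.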
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a91e6df6625f9c4b3612ff709daa0129c7ad3819