[Git][security-tracker-team/security-tracker][master] 10 commits: follow security team with no-dsa for CVE-2019-10206 in Jessie

Thorsten Alteholz Fri, 26 Jul 2019 05:26:09 -0700


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
46b21c43 by Thorsten Alteholz at 2019-07-26T12:16:48Z
follow security team with no-dsa for CVE-2019-10206 in Jessie

- - - - -
c37fc4a4 by Thorsten Alteholz at 2019-07-26T12:16:48Z
follow security team with no-dsa for CVE-2019-1010228 in Jessie

- - - - -
98d65a76 by Thorsten Alteholz at 2019-07-26T12:16:49Z
follow security team with no-dsa for CVE-2019-14249 in Jessie

- - - - -
f0f4c9c0 by Thorsten Alteholz at 2019-07-26T12:16:50Z
follow security team with no-dsa for CVE-2019-13618 in Jessie

- - - - -
de3f3673 by Thorsten Alteholz at 2019-07-26T12:16:51Z
follow security team with no-dsa for CVE-2019-13615 in Jessie

- - - - -
aa1120a3 by Thorsten Alteholz at 2019-07-26T12:16:51Z
follow security team with no-dsa for CVE-2019-1010189 in Jessie

- - - - -
e50c6489 by Thorsten Alteholz at 2019-07-26T12:16:52Z
follow security team with no-dsa for CVE-2019-1010190 in Jessie

- - - - -
9d003bdd by Thorsten Alteholz at 2019-07-26T12:16:53Z
follow security team with no-dsa for CVE-2019-13565 in Jessie

- - - - -
1d6c174e by Thorsten Alteholz at 2019-07-26T12:16:54Z
follow security team with no-dsa for CVE-2019-13057 in Jessie

- - - - -
d9162aef by Thorsten Alteholz at 2019-07-26T12:16:54Z
follow security team with no-dsa for CVE-2019-13453 in Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,6 +75,7 @@ CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 
2019-07-05 allows at
        - dwarfutils <unfixed> (low)
        [buster] - dwarfutils <no-dsa> (Minor issue)
        [stretch] - dwarfutils <no-dsa> (Minor issue)
+       [jessie] - dwarfutils <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/libdwarf/code/merge-requests/4/
        NOTE: Fixed by: 
https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
 CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c 
allows  ...)
@@ -1389,6 +1390,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, 
isomedia/isom_read.c in libgpac.a has a he
        - gpac <unfixed> (low; bug #932242)
        [buster] - gpac <no-dsa> (Minor issue)
        [stretch] - gpac <no-dsa> (Minor issue)
+       [jessie] - gpac <no-dsa> (Minor issue)
        NOTE: https://github.com/gpac/gpac/issues/1250
        NOTE: 
https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
 CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer 
over-read in ...)
@@ -1400,6 +1402,7 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.
 CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN 
VLC Media  ...)
        - libebml 1.3.6-1 (low; bug #932241)
        [stretch] - libebml <no-dsa> (Minor issue)
+       [jessie] - libebml <no-dsa> (Minor issue)
        NOTE: https://trac.videolan.org/vlc/ticket/22474
        NOTE: Issue was originally reported to vlc project, but the underlying 
issue is
        NOTE: found in the libebml library
@@ -2518,6 +2521,7 @@ CVE-2019-13565 [openldap: ACL protections get lost if 
same identity uses differe
        - openldap 2.4.48+dfsg-1 (low; bug #932998)
        [buster] - openldap <no-dsa> (Minor issue)
        [stretch] - openldap <no-dsa> (Minor issue)
+       [jessie] - openldap <no-dsa> (Minor issue)
        NOTE: https://openldap.org/its/?findid=9052
 CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 
1.5. ...)
        NOT-FOR-US: Ping Identity Agentless Integration Kit
@@ -2771,6 +2775,7 @@ CVE-2019-13453 (Zipios before 0.1.7 does not properly 
handle certain malformed z
        - zipios++ <unfixed> (low; bug #932556)
        [buster] - zipios++ <no-dsa> (Minor issue)
        [stretch] - zipios++ <no-dsa> (Minor issue)
+       [jessie] - zipios++ <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
        NOTE: Patch: 
https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
 CVE-2019-13452
@@ -3793,6 +3798,7 @@ CVE-2019-13057 [openldap: rootdn of any db can assert any 
identity]
        - openldap 2.4.48+dfsg-1 (low; bug #932997)
        [buster] - openldap <no-dsa> (Minor issue)
        [stretch] - openldap <no-dsa> (Minor issue)
+       [jessie] - openldap <no-dsa> (Minor issue)
        NOTE: https://openldap.org/its/?findid=9038
 CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the 
user edit  ...)
        NOT-FOR-US: CyberPanel
@@ -11111,6 +11117,7 @@ CVE-2019-10206 [disclosure data when prompted for 
password and template characte
        - ansible <unfixed> (bug #933005)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
+       [jessie] - ansible <no-dsa> (Minor issue)
        NOTE: https://github.com/ansible/ansible/pull/59246
        NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
        NOTE: 2.7.x https://github.com/ansible/ansible/pull/59553
@@ -12298,6 +12305,7 @@ CVE-2019-1010229
 CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer 
Overflow. The im ...)
        - dcmtk 3.6.4-1 (low)
        [stretch] - dcmtk <no-dsa> (Minor issue)
+       [jessie] - dcmtk <no-dsa> (Minor issue)
        NOTE: https://support.dcmtk.org/redmine/issues/858
        NOTE: https://github.com/commontk/DCMTK/commit/40917614e
 CVE-2019-1010227
@@ -12383,10 +12391,12 @@ CVE-2019-1010191 (marginalia &lt; 1.6 is affected by: 
SQL Injection. The impact
 CVE-2019-1010190 (mgetty prior to 1.2.1 is affected by: out-of-bounds read. 
The impact i ...)
        - mgetty 1.2.1-1
        [stretch] - mgetty <no-dsa> (Minor issue)
+       [jessie] - mgetty <no-dsa> (Minor issue)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
 CVE-2019-1010189 (mgetty prior to version 1.2.1 is affected by: Infinite Loop. 
The impac ...)
        - mgetty 1.2.1-1
        [stretch] - mgetty <no-dsa> (Minor issue)
+       [jessie] - mgetty <no-dsa> (Minor issue)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
 CVE-2019-1010188
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/924991174a870dad4f3339c293bd95e35f7bfb91...d9162aef1029ff14284449258da4ca9cec14fa6c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/924991174a870dad4f3339c293bd95e35f7bfb91...d9162aef1029ff14284449258da4ca9cec14fa6c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 10 commits: follow security team with no-dsa for CVE-2019-10206 in Jessie

Reply via email to