Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
60058f1f by Thorsten Alteholz at 2019-07-30T17:40:52Z
add jackson-databind
- - - - -
e498f5c3 by Thorsten Alteholz at 2019-07-30T17:43:07Z
add xymon
- - - - -
04f6b0ca by Thorsten Alteholz at 2019-07-30T17:45:02Z
add scapy
- - - - -
340fcbb9 by Thorsten Alteholz at 2019-07-30T17:48:54Z
add qbittorrent
- - - - -
ef8bfb81 by Thorsten Alteholz at 2019-07-30T17:55:41Z
mark CVE-2019-14274 for mcpp as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -450,6 +450,7 @@ CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based
buffer overflow in the cal
NOTE: Crash in CLI tool, no security impact, hardening build
CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg()
function i ...)
- mcpp <unfixed>
+ [jessie] - mcpp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcpp/bugs/13/
CVE-2019-14273
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -41,6 +41,8 @@ hdf5 (Hugo Lefeuvre)
imagemagick (Hugo Lefeuvre)
NOTE: triage work first, large number of open issues
--
+jackson-databind
+--
libav
NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no
patch
@@ -86,6 +88,8 @@ proftpd-dfsg (Markus Koschany)
--
python2.7 (Thorsten Alteholz)
--
+qbittorrent
+--
qemu
NOTE: 20190528: An upload candidate is waiting for being tested on real
hardware.
NOTE: 20190528: Still need to set up a notebook with jessie installed for
testing.
@@ -103,6 +107,8 @@ ruby-openid
NOTE: 20190710: I'm at a loss to how to continue persuing this issue (see
https://github.com/openid/ruby-openid/issues/122) so returning to the pool.
(lamby)
NOTE: 20190726: Still unknown how to fix (see aforementioned github issue)
(lamby)
--
+scapy
+--
slurm-llnl
--
sox
@@ -144,3 +150,5 @@ wpa
xen
NOTE: 20190629: Contacted credativ support and asked for a status update
--
+xymon (Thorsten alteholz)
+--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/782178d536c3cd170cb1c6ce82b4c4eb3c990bd2...ef8bfb819fae4a1d9b102f54bb2d3d1d1bc3b0c0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/782178d536c3cd170cb1c6ce82b4c4eb3c990bd2...ef8bfb819fae4a1d9b102f54bb2d3d1d1bc3b0c0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
