Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1033631d by Hugo Lefeuvre at 2019-09-02T13:10:18Z dla-needed: update imagemagick entry see https://lists.debian.org/debian-lts/2019/09/msg00004.html - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -50,10 +50,15 @@ hdf5 (Hugo Lefeuvre) icedtea-web (Markus Koschany) -- imagemagick - NOTE: 20190829: Several <no-dsa> and <postponed> issues some of them with simple patch - NOTE: 20190829: are still open for jessie. Should be revisited with policy in mind that - NOTE: 20190829: we also work on <no-dsa> issues whereas the security team would not. - NOTE: 20190829: Only claim this, if nothing more urgent is available in dla-needed.txt. + NOTE: 20190902: several minor postponed issues with simple patch: preparing an update + NOTE: just for them would be wasting time, but let's include these patches in a + NOTE: future update when new issues appear. + NOTE: CVE-2019-13391, CVE-2019-13308: patch is large, undocumented and potentially + NOTE: insufficient. wait for upstream to answer on bug report, or tag <ignored>. + NOTE: CVE-2019-10131: patch is sufficient, but technically so-so in my opinion: + NOTE: instead of avoiding off-by-one reads (check length BEFORE reading, not after!) + NOTE: we allocate one more byte. this works, but does not 'obviously' fix the issue and + NOTE: can be misleading... DEP3 comments would be nice. (hle) -- libav (Mike Gabriel) NOTE: 20190831: There are currently 19 CVE issues known for libav in jessie, View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1033631d635e0c96f59ede88e5fd72b9cde7bd33 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1033631d635e0c96f59ede88e5fd72b9cde7bd33 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
