Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b06c3ea5 by Thorsten Alteholz at 2019-09-26T07:06:28Z
add file-roller
- - - - -
775aba4d by Thorsten Alteholz at 2019-09-26T07:06:57Z
new poppler issue appeared
- - - - -
a93e96e4 by Thorsten Alteholz at 2019-09-26T07:33:07Z
mark CVE-2019-2389 as no-dsa for jessie
- - - - -
8ac95d0c by Thorsten Alteholz at 2019-09-26T07:35:00Z
mark CVE-2019-15941 as not-affected for jessie
- - - - -
e41c6600 by Thorsten Alteholz at 2019-09-26T07:45:20Z
mark CVE-2019-15699 as not-affected for jessie
- - - - -
378378c8 by Thorsten Alteholz at 2019-09-26T07:48:31Z
mark CVE-2019-16411 and CVE-2019-16410 as no-dsa for jessie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1157,11 +1157,13 @@ CVE-2019-16411 (An issue was discovered in Suricata
4.1.4. By sending multiple I
- suricata 1:4.1.5-1 (low)
[buster] - suricata <no-dsa> (Minor issue)
[stretch] - suricata <no-dsa> (Minor issue)
+ [jessie] - suricata <no-dsa> (Minor issue)
NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple
fragmen ...)
- suricata 1:4.1.5-1 (low)
[buster] - suricata <no-dsa> (Minor issue)
[stretch] - suricata <no-dsa> (Minor issue)
+ [jessie] - suricata <no-dsa> (Minor issue)
NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-16409
RESERVED
@@ -2489,6 +2491,7 @@ CVE-2019-15941 [oidc authorization codes are not tied to
their RP]
RESERVED
- lemonldap-ng 2.0.6+ds-1
[stretch] - lemonldap-ng <ignored> (Restrictions on OIDC federation
added in 2.0)
+ [jessie] - lemonldap-ng <not-affected> (Vulnerable code introduced
later)
NOTE: Vulnerability exists pre-2.0 versions, but as restrictions on
OIDC federation
NOTE: were added only in 2.0 the vulnerability has no effect. The
vulnerability
NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC
before)
@@ -3210,6 +3213,7 @@ CVE-2019-15699 (An issue was discovered in
app-layer-ssl.c in Suricata 4.1.4. Up
- suricata 1:4.1.5-1 (low)
[buster] - suricata <no-dsa> (Minor issue)
[stretch] - suricata <no-dsa> (Minor issue)
+ [jessie] - suricata <not-affected> (Vulnerable code introduced later)
NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain
circumstances, ...)
NOT-FOR-US: Octopus Deploy
@@ -41875,6 +41879,7 @@ CVE-2019-2390 (An unprivileged user or program on
Microsoft Windows which can cr
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's
packaged SysV ...)
- mongodb <unfixed> (low)
[stretch] - mongodb <ignored> (Minor issue)
+ [jessie] - mongodb <ignored> (Minor issue)
CVE-2019-2388
RESERVED
CVE-2019-2387
=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,8 @@ clamav
--
e2fsprogs (Thorsten Alteholz)
--
+file-roller
+--
freeimage
NOTE: Maintainer will take care of the update.
NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
@@ -108,6 +110,8 @@ openjpeg2
--
pam-python
--
+poppler (Thorsten Alteholz)
+--
radare2
NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/21b8328b5cfb7024f2e1e3800339f5eb0124b0b1...378378c81c9a10eb4c9c7010d8e144cb19d3978c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/21b8328b5cfb7024f2e1e3800339f5eb0124b0b1...378378c81c9a10eb4c9c7010d8e144cb19d3978c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
