Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
829fb1de by Thorsten Alteholz at 2019-09-28T09:40:55Z
CVEs will be fixed in future upload

- - - - -
9150ef1b by Thorsten Alteholz at 2019-09-28T09:41:57Z
Reserve DLA-1934-1 for cimg

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -79776,35 +79776,30 @@ CVE-2018-7642 (The swap_std_reloc_in function in 
aoutx.h in the Binary File Desc
 CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read i ...)
        - cimg 2.3.6+dfsg-1 (low; bug #892780)
        [stretch] - cimg <no-dsa> (Minor issue)
-       [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/issues/185
        NOTE: 
https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read i ...)
        - cimg 2.3.6+dfsg-1 (low; bug #892780)
        [stretch] - cimg <no-dsa> (Minor issue)
-       [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/issues/185
        NOTE: 
https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read i ...)
        - cimg 2.3.6+dfsg-1 (low; bug #892780)
        [stretch] - cimg <no-dsa> (Minor issue)
-       [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/issues/185
        NOTE: 
https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read i ...)
        - cimg 2.3.6+dfsg-1 (low; bug #892780)
        [stretch] - cimg <no-dsa> (Minor issue)
-       [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/issues/185
        NOTE: 
https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read i ...)
        - cimg 2.3.6+dfsg-1 (low; bug #892780)
        [stretch] - cimg <no-dsa> (Minor issue)
-       [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/issues/185
        NOTE: 
https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
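Review bot: dropping the `[jessie] - cimg <no-dsa> (Minor issue)` lines for CVE-2018-7637 through CVE-2018-7641 in commit 829fb1de leaves jessie with no annotation on these entries until the DLA-1934-1 reservation in 9150ef1b supplies the fixed version. The two commits are a minute apart, so the window is small, but squashing the removal and the reservation into one commit would keep every intermediate state of data/CVE/list consistent with data/DLA/list. The commit message "CVEs will be fixed in future upload" also names neither the package nor the release; "cimg/jessie" in the subject would make the history searchable.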
@@ -79907,14 +79902,12 @@ CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via 
/admin/users/new/add, resulting in
 CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in 
load_bmp in CI ...)
        - cimg 2.3.6+dfsg-1 (low; bug #892780)
        [stretch] - cimg <no-dsa> (Minor issue)
-       [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/issues/184
        NOTE: 
https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
 CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read i ...)
        - cimg 2.3.6+dfsg-1 (low; bug #892780)
        [stretch] - cimg <no-dsa> (Minor issue)
-       [jessie] - cimg <no-dsa> (Minor issue)
        [wheezy] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/issues/183
        NOTE: 
https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
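Review bot: after this hunk CVE-2018-7589 (the double free in load_bmp) and CVE-2018-7588 are being fixed in jessie while the `[stretch] - cimg <no-dsa> (Minor issue)` lines stay untouched, so a host upgraded from jessie to stretch would move from a fixed package to one the tracker still lists as unfixed. It is worth checking whether the stretch triage should be revisited, or whether a stretch point-release update should be requested, so that the newer release does not lag behind LTS for the same upstream commits.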


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Sep 2019] DLA-1934-1 cimg - security update
+       {CVE-2018-7588 CVE-2018-7589 CVE-2018-7637 CVE-2018-7638 CVE-2018-7639 
CVE-2018-7640 CVE-2018-7641 CVE-2019-1010174}
+       [jessie] - cimg 1.5.9+dfsg-1+deb8u1
 [26 Sep 2019] DLA-1933-1 ruby-nokogiri - security update
        {CVE-2019-5477}
        [jessie] - ruby-nokogiri 1.6.3.1+ds-1+deb8u1
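Review bot: the CVE set on the new DLA-1934-1 entry lists eight identifiers, but only seven of them have a matching `[jessie]` removal in the data/CVE/list hunks of this push; CVE-2019-1010174 is the odd one out. Please confirm that its entry in data/CVE/list carries no leftover jessie annotation (`<no-dsa>`, `<ignored>` or similar) that would conflict with the fixed version `1.5.9+dfsg-1+deb8u1` recorded here.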


=====================================
data/dla-needed.txt
=====================================
@@ -15,10 +15,6 @@ ampache
 --
 apache2 (Markus Koschany)
 --
-cimg (Thorsten Alteholz)
-  NOTE: inline function load_network_external is affected, variable filename
-  NOTE: 20190916: also taking care of no-dsa
---
 clamav
   NOTE: wait for definitive patch to be available, then upgrade to latest 
upstream
   NOTE: release (follow stretch changes) (hle)
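Review bot: the removed line `NOTE: inline function load_network_external is affected, variable filename` is the only record in this push of which code path was analysed for jessie, and it disappears with the dla-needed.txt entry. If that finding is still useful for triaging other releases, copy it as a NOTE onto the relevant CVE entry in data/CVE/list before dropping it here. The `20190916: also taking care of no-dsa` note is consistent with the `<no-dsa>` removals above and can go.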



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/00ca70f4e12555ca1e415fd0048abfd67eb1896d...9150ef1b1158ffab893354e79dfda4092d54a8d2
