Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 829fb1de by Thorsten Alteholz at 2019-09-28T09:40:55Z CVEs will be fixed in future upload - - - - - 9150ef1b by Thorsten Alteholz at 2019-09-28T09:41:57Z Reserve DLA-1934-1 for cimg - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -79776,35 +79776,30 @@ CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Desc CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - cimg 2.3.6+dfsg-1 (low; bug #892780) [stretch] - cimg <no-dsa> (Minor issue) - [jessie] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - cimg 2.3.6+dfsg-1 (low; bug #892780) [stretch] - cimg <no-dsa> (Minor issue) - [jessie] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - cimg 2.3.6+dfsg-1 (low; bug #892780) [stretch] - cimg <no-dsa> (Minor issue) - [jessie] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - cimg 2.3.6+dfsg-1 (low; bug #892780) [stretch] - cimg <no-dsa> (Minor issue) - [jessie] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - cimg 2.3.6+dfsg-1 (low; bug #892780) [stretch] - cimg <no-dsa> (Minor issue) - [jessie] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb @@ -79907,14 +79902,12 @@ CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...) - cimg 2.3.6+dfsg-1 (low; bug #892780) [stretch] - cimg <no-dsa> (Minor issue) - [jessie] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/184 NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4 CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - cimg 2.3.6+dfsg-1 (low; bug #892780) [stretch] - cimg <no-dsa> (Minor issue) - [jessie] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/183 NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[28 Sep 2019] DLA-1934-1 cimg - security update + {CVE-2018-7588 CVE-2018-7589 CVE-2018-7637 CVE-2018-7638 CVE-2018-7639 CVE-2018-7640 CVE-2018-7641 CVE-2019-1010174} + [jessie] - cimg 1.5.9+dfsg-1+deb8u1 [26 Sep 2019] DLA-1933-1 ruby-nokogiri - security update {CVE-2019-5477} [jessie] - ruby-nokogiri 1.6.3.1+ds-1+deb8u1 ===================================== data/dla-needed.txt ===================================== @@ -15,10 +15,6 @@ ampache -- apache2 (Markus Koschany) -- -cimg (Thorsten Alteholz) - NOTE: inline function load_network_external is affected, variable filename - NOTE: 20190916: also taking care of no-dsa --- clamav NOTE: wait for definitive patch to be available, then upgrade to latest upstream NOTE: release (follow stretch changes) (hle) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/00ca70f4e12555ca1e415fd0048abfd67eb1896d...9150ef1b1158ffab893354e79dfda4092d54a8d2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/00ca70f4e12555ca1e415fd0048abfd67eb1896d...9150ef1b1158ffab893354e79dfda4092d54a8d2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits