Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7dfe49f8 by Hugo Lefeuvre at 2019-10-17T11:45:39Z
dla-needed: update cacti and pam-python notes
claim freeimage
- - - - -
0c972428 by Hugo Lefeuvre at 2019-10-17T11:45:40Z
add Debian bug for CVE-2019-16729
- - - - -
f8931f4d by Hugo Lefeuvre at 2019-10-17T11:45:40Z
dsa-needed: claim freeimage
- - - - -
3 changed files:
- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2408,7 +2408,7 @@ CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that
can add an user account
CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information
disclosu ...)
NOT-FOR-US: Home Assistant
CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the
default enviro ...)
- - pam-python 1.0.7-1
+ - pam-python 1.0.7-1 (bug #942514)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
NOTE:
https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in
net/rds/recv. ...)
=====================================
data/dla-needed.txt
=====================================
@@ -20,8 +20,10 @@ cacti (Hugo Lefeuvre)
NOTE: 20191016: jessie and stretch don't seem to be affected, see
NOTE: https://lists.debian.org/debian-lts/2019/10/msg00081.html for more
details
NOTE: waiting for feedback from upstream:
https://github.com/Cacti/cacti/issues/2964
+ NOTE: 20190117: upstream answered positively. waiting for him to rework a
few things
+ NOTE: before updating the tracker.
--
-freeimage
+freeimage (Hugo Lefeuvre)
NOTE: Maintainer will take care of the update.
NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
NOTE: 20190707: maintainer is waiting for upstream
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
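Review bot: The date stamp on the added cacti note reads 20190117, but the note just above it is dated 20191016 and this commit was made on 2019-10-17, so it looks like a typo for 20191017; correcting it keeps the notes in chronological order. In the same hunk, freeimage is now claimed while the unchanged note below still says "Maintainer will take care of the update", so a dated note explaining the change of ownership would help the next reader.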
@@ -111,7 +113,10 @@ opendmarc (Thorsten Alteholz)
NOTE: 20191013: testing package
--
pam-python (Hugo Lefeuvre)
- NOTE: 20190927: Upstream appear to not have a distinct revision for this
fix, using a single commit for the entire release which changes many things.
(lamby)
+ NOTE: 20190927: Upstream appear to not have a distinct revision for this fix,
+ NOTE: using a single commit for the entire release which changes many
things. (lamby)
+ NOTE: 20191017: opened bug report and asked Russell (both Debian maintainer
& upstream)
+ NOTE: for more information.
--
polarssl
--
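Review bot: The added 20191017 pam-python note says a bug report was opened but does not say which one. The data/CVE/list change in this same push attaches bug #942514 to CVE-2019-16729, so citing that number in the note would save a lookup for anyone picking up the package from dla-needed.txt alone.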
=====================================
data/dsa-needed.txt
=====================================
@@ -21,7 +21,7 @@ curl (ghedo)
--
evince/oldstable
--
-freeimage
+freeimage (hle)
--
glusterfs/oldstable
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/9230da06754e42eee20625be473660607c8b59f2...f8931f4d2d26ab44f5e16b42fea51b74db347fab
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits