[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-17371 as no-dsa for Jessie

Thorsten Alteholz Fri, 18 Oct 2019 03:18:24 -0700


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4df2db6f by Thorsten Alteholz at 2019-10-18T10:19:15Z
mark CVE-2019-17371 as no-dsa for Jessie

- - - - -
df884cd4 by Thorsten Alteholz at 2019-10-18T10:19:55Z
no upload needed for libpng

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2939,6 +2939,7 @@ CVE-2019-17371 (libpng 1.6.37 has memory leaks in 
png_malloc_warn and png_create
        [buster] - libpng1.6 <no-dsa> (Minor issue)
        [stretch] - libpng1.6 <no-dsa> (Minor issue)
        - libpng <removed>
+       [jessie] - libpng <no-dsa> (Minor issue)
        NOTE: https://github.com/glennrp/libpng/issues/307
 CVE-2019-17370 (OTCMS v3.85 allows arbitrary PHP Code Execution because 
admin/sysCheck ...)
        NOT-FOR-US: OTCMS


=====================================
data/dla-needed.txt
=====================================
@@ -82,8 +82,6 @@ libmatio (Adrian Bunk)
 --
 libpcap (Abhijith PA)
 --
-libpng (Thorsten Alteholz)
---
 libqb
   NOTE: 20190616: Upstream patch does not apply at all, but it appears that
   NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/735bc21c9f3dc17c3a5bc40f1a4358cfe1c85c42...df884cd412157eb474bc2552d0c65436cbc0ea50

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/735bc21c9f3dc17c3a5bc40f1a4358cfe1c85c42...df884cd412157eb474bc2552d0c65436cbc0ea50
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-17371 as no-dsa for Jessie

Reply via email to