Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
22d61e17 by Thorsten Alteholz at 2019-10-26T21:30:40Z
some DLAs will be fixed in next upload
- - - - -
d675f98b by Thorsten Alteholz at 2019-10-26T21:31:31Z
Reserve DLA-1972-1 for mosquitto
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -71532,13 +71532,11 @@ CVE-2018-12552
CVE-2018-12551 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is
configured ...)
{DSA-4388-1}
- mosquitto 1.5.6-1 (bug #921976)
- [jessie] - mosquitto <postponed> (Minor issue)
NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
NOTE: https://mosquitto.org/files/cve/2018-12551
CVE-2018-12550 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is
configured ...)
{DSA-4388-1}
- mosquitto 1.5.6-1 (bug #921976)
- [jessie] - mosquitto <postponed> (Minor issue)
NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
NOTE: https://mosquitto.org/files/cve/2018-12550
CVE-2018-12549 (In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may
incorrec ...)
@@ -136720,7 +136718,6 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and
older, 9.3.x (all configurat
CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null
Dereference vu ...)
- mosquitto 1.5.4-1 (low)
[stretch] - mosquitto <no-dsa> (Minor issue)
- [jessie] - mosquitto <postponed> (Minor issue)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
NOTE:
https://github.com/eclipse/mosquitto/commit/79a7b36d207c9142468a7ea33695a14181a9fd24
CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak
vulnerability w ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Oct 2019] DLA-1972-1 mosquitto - security update
+ {CVE-2017-7655 CVE-2018-12550 CVE-2018-12551 CVE-2019-11779}
+ [jessie] - mosquitto 1.3.4-2+deb8u4
[26 Oct 2019] DLA-1971-1 libarchive - security update
{CVE-2019-18408}
[jessie] - libarchive 3.1.2-11+deb8u8
=====================================
data/dla-needed.txt
=====================================
@@ -82,8 +82,6 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
-mosquitto (Thorsten Alteholz)
---
nghttp2
NOTE: 20190930: nghttp2 in jessie is likely not affected by
CVE-2019-95{11,13}.
NOTE: 20190930: waiting for feedback from Thorsten and Abhijith as they put
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/646b42dbdc7fc76adfd1511fdface04a8d2e96c6...d675f98be85e5f1eb4b46167bc35cfd189924980
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/646b42dbdc7fc76adfd1511fdface04a8d2e96c6...d675f98be85e5f1eb4b46167bc35cfd189924980
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
