Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca46f2f6 by Thorsten Alteholz at 2019-12-02T06:58:43Z
mark CVE-2019-6477 as not-affected for jessie
- - - - -
b935e915 by Thorsten Alteholz at 2019-12-02T06:59:05Z
no more CVEs for bind9
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -41182,6 +41182,7 @@ CVE-2019-6477 (With pipelining enabled each incoming
query on a TCP connection r
- bind9 <unfixed> (bug #945171)
[buster] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
+ [jessie] - bind9 <not-affected> (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2019-6477
CVE-2019-6476 (A defect in code added to support QNAME minimization can cause
named t ...)
- bind9 <not-affected> (Vulnerable code not present)
=====================================
data/dla-needed.txt
=====================================
@@ -15,9 +15,6 @@ ansible
NOTE: CVE-2019-14846 should be an easy fix.
NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly.
(utkarsh2102)
--
-bind9 (Thorsten Alteholz)
- NOTE: no point release in Jessie, so fix it here
---
clamav (hle)
--
exiv2 (daissi)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/886b48daafb65f99e2f99831f658154b3b6cbf9f...b935e9157c183cefb6cc8e583c9785486b1cfcc3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/886b48daafb65f99e2f99831f658154b3b6cbf9f...b935e9157c183cefb6cc8e583c9785486b1cfcc3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
