Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9abb6108 by Moritz Muehlenhoff at 2019-12-10T18:44:21Z
buster/stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -73,15 +73,23 @@ CVE-2019-19639
RESERVED
CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a
heap-based buffe ...)
- libsixel <unfixed>
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/102
CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer
overflo ...)
- libsixel <unfixed>
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/105
CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer
overflo ...)
- libsixel <unfixed>
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/104
CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a
heap-based buffe ...)
- libsixel <unfixed>
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/103
CVE-2019-19634
RESERVED
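Review bot: The four "- libsixel <unfixed>" lines (CVE-2019-19635 through CVE-2019-19638) carry no Debian bug reference, unlike the libyang, librabbitmq and puma entries in this same commit. Now that buster and stretch are tagged <no-dsa>, a bug number on the unfixed line would give the maintainer something to track the fix against. The descriptions name heap-based buffer overflows and integer overflows, so a reason more specific than "Minor issue" would also help anyone revisiting this decision later.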
@@ -2391,9 +2399,11 @@ CVE-2019-19335
RESERVED
CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer
overflo ...)
- libyang <unfixed> (bug #946217)
+ [buster] - libyang <no-dsa> (Minor issue)
NOTE:
https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6
CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer
overflo ...)
- libyang <unfixed> (bug #946217)
+ [buster] - libyang <no-dsa> (Minor issue)
NOTE:
https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
CVE-2019-19332 [KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID]
RESERVED
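Review bot: Both libyang entries (CVE-2019-19334 and CVE-2019-19333) get only a [buster] line, while the other packages triaged in data/CVE/list in this commit get [buster] and [stretch]. If stretch does not ship libyang this is correct as written; otherwise add the matching "[stretch] - libyang <no-dsa> (Minor issue)" line so the suite does not stay untriaged.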
@@ -6427,7 +6437,9 @@ CVE-2019-18610 (An issue was discovered in manager.c in
Sangoma Asterisk through
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
CVE-2019-18609 (An issue was discovered in amqp_handle_input in
amqp_connection.c in r ...)
{DLA-2022-1}
- - librabbitmq <unfixed> (bug #946005)
+ - librabbitmq <unfixed> (low; bug #946005)
+ [buster] - librabbitmq <no-dsa> (Minor issue)
+ [stretch] - librabbitmq <no-dsa> (Minor issue)
NOTE:
https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information
modification bec ...)
NOT-FOR-US: Cezerin
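Review bot: CVE-2019-18609 already carries {DLA-2022-1}, yet the added [buster] and [stretch] lines mark librabbitmq <no-dsa> with only "Minor issue" as the reason. Since the issue was considered worth an LTS advisory, the reason field should say why the newer suites do not need one, or state that the fix is expected through a point release, so the three suites do not look inconsistent to someone reading the entry.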
@@ -11608,6 +11620,8 @@ CVE-2019-16935 (The documentation XML-RPC server in
Python through 2.7.16, 3.x t
[stretch] - python2.7 <no-dsa> (Minor issue)
[jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely
use-case)
- jython <unfixed>
+ [buster] - jython <ignored> (Minor Issue)
+ [stretch] - jython <ignored> (Minor Issue)
[jessie] - jython <ignored> (Minor Issue, XSS in an unlikely use-case)
- pypy <unfixed> (low)
[buster] - pypy <no-dsa> (Minor issue)
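Review bot: The added jython lines use "(Minor Issue)" where the other lines added in this commit use "(Minor issue)", and they drop the justification the existing jessie line gives, "XSS in an unlikely use-case". Reusing the jessie wording for [buster] and [stretch] would keep the reasoning for <ignored> visible on every suite.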
@@ -12094,6 +12108,8 @@ CVE-2019-16771 (Versions of Armeria 0.85.0 through and
including 0.96.0 are vuln
NOT-FOR-US: Armeria
CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could
use keepal ...)
- puma <unfixed> (bug #946312)
+ [buster] - puma <no-dsa> (Minor issue)
+ [stretch] - puma <no-dsa> (Minor issue)
NOTE:
https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
NOTE:
https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e
CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is
vulnerabl ...)
@@ -25998,6 +26014,8 @@ CVE-2019-12416
RESERVED
CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml
to conv ...)
- libapache-poi-java <unfixed> (bug #943565)
+ [buster] - libapache-poi-java <no-dsa> (Minor issue)
+ [stretch] - libapache-poi-java <no-dsa> (Minor issue)
[jessie] - libapache-poi-java <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/10/23/1
CVE-2019-12414
=====================================
data/dsa-needed.txt
=====================================
@@ -76,5 +76,7 @@ wordpress (seb)
2019-11-19: ask about stretch-security
2019-11-06: maintainer proposed debdiff for buster-security
--
+xcftools
+--
xen
--
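Review bot: The new xcftools entry in data/dsa-needed.txt has no claimant in parentheses and no dated note, unlike the wordpress (seb) entry just above it, and none of the data/CVE/list hunks shown in this commit mention xcftools. A short note line under the package name saying which issue and which suites are pending would tell the next person picking it up what is needed.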
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9abb610827a753e0da5dfe09a713128a09a3fe0f