Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4bb9592c by Thorsten Alteholz at 2020-01-23T15:29:45+01:00
mark CVE-2019-16792 as no-dsa for jessie
- - - - -
c35c8bdf by Thorsten Alteholz at 2020-01-23T15:37:20+01:00
mark CVE-2019-20388 as no-dsa for jessie
- - - - -
cec30522 by Thorsten Alteholz at 2020-01-23T15:39:08+01:00
mark CVE-2020-7595 as no-dsa for jessie
- - - - -
16f06f1c by Thorsten Alteholz at 2020-01-23T15:42:31+01:00
add libsolv
- - - - -
88a83625 by Thorsten Alteholz at 2020-01-23T15:45:56+01:00
mark CVE-2019-18932 as no-dsa for jessie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -691,6 +691,7 @@ CVE-2020-7596
RESERVED
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an
infini ...)
- libxml2 <unfixed> (bug #949582)
+ [jessie] - libxml2 <no-dsa> (Minor issue)
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices
allow remo ...)
NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices
@@ -944,6 +945,7 @@ CVE-2019-20389
RESERVED
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an
xmlSchemaV ...)
- libxml2 <unfixed> (bug #949583)
+ [jessie] - libxml2 <no-dsa> (Minor issue)
NOTE: Proposed merge request:
https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a
heap-ba ...)
- libsolv <unfixed> (bug #949611)
@@ -16540,6 +16542,7 @@ CVE-2019-18933 (In Zulip Server versions from 1.7.0 to
before 2.0.7, a bug in th
NOT-FOR-US: Zulip
CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11
allows ...)
- sarg <unfixed>
+ [jessie] - sarg <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6
NOTE: The sarg-reports as shipped in Debian has already safe use of
mktemp for
NOTE: use of temporary files and directories.
@@ -25273,6 +25276,7 @@ CVE-2019-16792 (Waitress through version 1.3.1 allows
request smuggling by sendi
- waitress 1.4.1-1
[buster] - waitress <no-dsa> (Minor issue)
[stretch] - waitress <no-dsa> (Minor issue)
+ [jessie] - waitress <no-dsa> (Minor issue)
NOTE:
https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
NOTE:
https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can
receive incorr ...)
=====================================
data/dla-needed.txt
=====================================
@@ -64,6 +64,9 @@ libmatio (Adrian Bunk)
NOTE: 20190428: older changes seem to also be required for them
NOTE: 20200112: work is ongoing
--
+libsolv
+ NOTE: 20200123: Mike is maintainer
+--
libxmlrpc3-java (Markus Koschany)
--
linux (Ben Hutchings)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/84ace8306da15c48b009020db8a113f4287ff2d2...88a8362591be3b6dc178bc1dcf8766a89544b319
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/84ace8306da15c48b009020db8a113f4287ff2d2...88a8362591be3b6dc178bc1dcf8766a89544b319
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
