[Git][security-tracker-team/security-tracker][master] Track proposed updates for batik via {stretch,buster}-pu

Emilio Pozuelo Monfort Fri, 10 Jul 2020 10:44:54 -0700


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4aa4229f by Emilio Pozuelo Monfort at 2020-07-10T19:43:05+02:00
Track proposed updates for batik via {stretch,buster}-pu

- - - - -


4 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -45200,6 +45200,8 @@ CVE-2019-17567
 CVE-2019-17566 [SSRF vulnerability]
        RESERVED
        - batik <unfixed> (bug #964510)
+       [buster] - batik <no-dsa> (Minor issue, will be fixed via point update)
+       [stretch] - batik <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/2
        NOTE: patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
        NOTE: corresponding bug: 
https://issues.apache.org/jira/browse/BATIK-1276


=====================================
data/dla-needed.txt
=====================================
@@ -21,8 +21,6 @@ ansible
   NOTE: 20200508: bam: Upstream fix was reverted - 
https://github.com/ansible/ansible/pull/68983
   NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
 --
-batik (Emilio)
---
 cacti (Abhijith PA)
   NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for 
jessie version (abhijith)
   NOTE: 20200620: WIP (abhijith)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -219,3 +219,5 @@ CVE-2019-1010006
        [stretch] - atril 1.16.1-2+deb9u2
 CVE-2019-11459
        [stretch] - atril 1.16.1-2+deb9u2
+CVE-2019-17566
+       [stretch] - batik 1.8-4+deb9u2


=====================================
data/next-point-update.txt
=====================================
@@ -178,3 +178,5 @@ CVE-2020-15393
        [buster] - linux 4.19.131-1
 CVE-2018-20669
        [buster] - linux 4.19.131-1
+CVE-2019-17566
+       [buster] - batik 1.10-2+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa4229f96f9ee33a1ad16c4d3e0724d4cf2477b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa4229f96f9ee33a1ad16c4d3e0724d4cf2477b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track proposed updates for batik via {stretch,buster}-pu

Reply via email to