[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-19869: remove no-dsa (fixed in stretch-security)

Sun, 27 Sep 2020 21:51:44 -0700 


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a88d514 by Adrian Bunk at 2020-09-28T07:10:58+03:00
CVE-2018-19869: remove no-dsa (fixed in stretch-security)

- - - - -
86dc958d by Adrian Bunk at 2020-09-28T07:29:19+03:00
Mark CVE-2019-3681 as no-dsa also for stretch

Already no-dsa in buster, and similar to CVE-2017-9274.

- - - - -
8099abaa by Adrian Bunk at 2020-09-28T07:50:07+03:00
dla: status update

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -108917,6 +108917,7 @@ CVE-2019-3682 (The docker-kubic package in SUSE CaaS 
Platform 3.0 before 17.09.1
 CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of 
SUSE L ...)
        - osc <unfixed> (bug #969999)
        [buster] - osc <no-dsa> (Minor issue)
+       [stretch] - osc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
        NOTE: 
https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 
(0.169.0)
 CVE-2019-3680
@@ -116123,7 +116124,6 @@ CVE-2018-19869 (An issue was discovered in Qt before 
5.11.3. A malformed SVG ima
        - qtsvg-opensource-src 5.11.3-2 (low)
        [jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 4:4.8.7+dfsg-18 (low)
-       [stretch] - qt4-x11 <no-dsa> (Minor issue)
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/234142/
        NOTE: 
https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335


=====================================
data/dla-needed.txt
=====================================
@@ -110,7 +110,7 @@ mumble
 --
 nss (Adrian Bunk)
   NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including 
fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
-  NOTE: 20200914: new CVE for racoon (bunk)
+  NOTE: 20200928: testing fixed package (bunk)
 --
 open-build-service (Utkarsh Gupta)
   NOTE: 20200928: in touch with upstream - still figuring out the best way to 
backport. (utkarsh)
@@ -118,8 +118,6 @@ open-build-service (Utkarsh Gupta)
 opendmarc
   NOTE: 20200719: no patches for remaining CVEs available, everything else is 
already done in Stretch (thorsten)
 --
-osc (Adrian Bunk)
---
 packagekit
 --
 php-horde-trean (Mike Gabriel)
@@ -219,4 +217,5 @@ xcftools
   NOTE: 20200605: Patch 
https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch
 (gladk)
 --
 zeromq3 (Adrian Bunk)
+  NOTE: 20200928: testing fixed package (bunk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/638e7bf5e94c5ae36630e5faac43580a5bf56504...8099abaa6bcfa9d2f76257a60a6d1f16fe8daf8d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/638e7bf5e94c5ae36630e5faac43580a5bf56504...8099abaa6bcfa9d2f76257a60a6d1f16fe8daf8d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to