[Git][security-tracker-team/security-tracker][master] LTS/python2.7, python3.4, python-urllib3 status update
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: b92b976a by Roberto C. Sánchez at 2019-04-08T16:41:46Z LTS/python2.7, python3.4, python-urllib3 status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -39,12 +39,12 @@ hdf5 (Hugo Lefeuvre) NOTE: upstream's bug tracker requires special permissions to open issues. NOTE: unclear how upstream handles security backlog, contacted them. -- -imagemagick +imagemagick (Roberto C. Sánchez) NOTE: 20181227: We should address the many open issues in imagemagick either NOTE: by patching them separetely as we did in Wheezy or by updating to a NOTE: new upstream version like the security team did with Graphicsmagick in NOTE: Stretch. (apo) - NOTE: 20190321: Still waiting on security team response to inquiries from (apo) and (roberto) + NOTE: 20190408: Still waiting on security team response to inquiries from (apo) and (roberto) -- jinja2 (Hugo Lefeuvre) NOTE: patch available for CVE-2019-10906. @@ -86,16 +86,16 @@ proftpd-dfsg (Markus Koschany) putty (Thorsten Alteholz) NOTE: 20190407: stick to Stretch patches -- -python-urllib3 - NOTE: 20190321: Waiting on upstream action for CVE-2019-9740 (roberto) +python-urllib3 (Roberto C. Sánchez) + NOTE: 20190408: Waiting on upstream action for CVE-2019-9740 (roberto) -- -python2.7 +python2.7 (Roberto C. Sánchez) NOTE: 20190321: Patches integrated for CVE-2018-14647, CVE-2019-5010, and CVE-2019-9636 - NOTE: 20190321: Waiting on upstream action for CVE-2019-9740 (roberto) + NOTE: 20190408: Waiting on upstream action for CVE-2019-9740 (roberto) -- -python3.4 +python3.4 (Roberto C. Sánchez) NOTE: 20190321: Patches integrated for CVE-2018-14647 and CVE-2019-9636 - NOTE: 20190321: Waiting on upstream action for CVE-2019-9740 (roberto) + NOTE: 20190408: Waiting on upstream action for CVE-2019-9740 (roberto) -- qemu (Emilio) NOTE: CVE-2018-19665: wait for final patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b92b976a751f36dacb5d54d7cc60aef1def09efc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b92b976a751f36dacb5d54d7cc60aef1def09efc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS/python2.7, python3.4, python-urllib3 status update
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: cec43636 by Roberto C. Sánchez at 2019-03-22T02:05:55Z LTS/python2.7, python3.4, python-urllib3 status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -36,8 +36,7 @@ imagemagick (Roberto C. Sánchez) NOTE: by patching them separetely as we did in Wheezy or by updating to a NOTE: new upstream version like the security team did with Graphicsmagick in NOTE: Stretch. (apo) - NOTE: Performed preliminary backport build (positive result), and sent inquiry - NOTE: to security team requesting guidance on how to proceed. (roberto) + NOTE: 20190321: Still waiting on security team response to inquiries from (apo) and (roberto) -- libav NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet. @@ -89,11 +88,15 @@ poppler NOTE: Fix available for CVE-2019-9631. Not so for CVE-2019-9543 nor CVE-2019-9545. -- python-urllib3 (Roberto C. Sánchez) - NOTE: same issue as currenly affects python3.4/python2.7 + NOTE: 20190321: Waiting on upstream action for CVE-2019-9740 (roberto) -- python2.7 (Roberto C. Sánchez) + NOTE: 20190321: Patches integrated for CVE-2018-14647, CVE-2019-5010, and CVE-2019-9636 + NOTE: 20190321: Waiting on upstream action for CVE-2019-9740 (roberto) -- python3.4 (Roberto C. Sánchez) + NOTE: 20190321: Patches integrated for CVE-2018-14647 and CVE-2019-9636 + NOTE: 20190321: Waiting on upstream action for CVE-2019-9740 (roberto) -- qemu NOTE: CVE-2018-19665: wait for final patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cec436360f74f77def890fec518c32381a56c236 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cec436360f74f77def890fec518c32381a56c236 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
