[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs fixed, so remove no-dsa

Fri, 25 Jan 2019 14:44:44 -0800 

Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35edb858 by Thorsten Alteholz at 2019-01-25T22:34:15Z
CVEs fixed, so remove no-dsa

- - - - -
6e917311 by Thorsten Alteholz at 2019-01-25T22:34:56Z
Reserve DLA-1643-1 for krb5

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9078,7 +9078,6 @@ CVE-2018-20218
 CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT 
Kerberos ...)
        - krb5 1.16.2-1 (low; bug #917387)
        [stretch] - krb5 <no-dsa> (Minor issue)
-       [jessie] - krb5 <no-dsa> (Minor issue)
        NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
        NOTE: 
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
 CVE-2018-20216 (QEMU can have an infinite loop in 
hw/rdma/vmw/pvrdma_dev_ring.c ...)
@@ -55072,13 +55071,11 @@ CVE-2018-5731 (An issue was discovered in Heimdal PRO 
2.2.190. As part of the ..
 CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with 
permission ...)
        - krb5 1.16.1-1 (bug #891869)
        [stretch] - krb5 <no-dsa> (Minor issue)
-       [jessie] - krb5 <no-dsa> (Minor issue)
        [wheezy] - krb5 <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
 CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with 
permission ...)
        - krb5 1.16.1-1 (bug #891869)
        [stretch] - krb5 <no-dsa> (Minor issue)
-       [jessie] - krb5 <no-dsa> (Minor issue)
        [wheezy] - krb5 <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
 CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[25 Jan 2019] DLA-1643-1 krb5 - security update
+       {CVE-2018-5729 CVE-2018-5730 CVE-2018-20217}
+       [jessie] - krb5 1.12.1+dfsg-19+deb8u5
 [25 Jan 2019] DLA-1642-1 postgresql-9.4 - new upstream version
        [jessie] - postgresql-9.4 9.4.20-0+deb8u1
 [25 Jan 2019] DLA-1641-1 mxml - security update


=====================================
data/dla-needed.txt
=====================================
@@ -63,10 +63,6 @@ imagemagick
   NOTE: new upstream version like the security team did with Graphicsmagick in
   NOTE: Stretch. (apo)
 --
-krb5 (Thorsten Alteholz)
-  NOTE: 20181230: probably some no-dsa should be fixed
-  NOTE: 20190120: patches ready, test suite ready, waiting for test results on 
wheezy (Thorsten)
---
 libav (Mike Gabriel)
 --
 libraw (Abhijith PA)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f0828a345f8501c7155cfa2563921d1eb45eef28...6e9173110f040d67b946853e876ba7fc7eb8b543

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f0828a345f8501c7155cfa2563921d1eb45eef28...6e9173110f040d67b946853e876ba7fc7eb8b543
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to