Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 35edb858 by Thorsten Alteholz at 2019-01-25T22:34:15Z CVEs fixed, so remove no-dsa - - - - - 6e917311 by Thorsten Alteholz at 2019-01-25T22:34:56Z Reserve DLA-1643-1 for krb5 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -9078,7 +9078,6 @@ CVE-2018-20218 CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...) - krb5 1.16.2-1 (low; bug #917387) [stretch] - krb5 <no-dsa> (Minor issue) - [jessie] - krb5 <no-dsa> (Minor issue) NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086 CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c ...) @@ -55072,13 +55071,11 @@ CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the .. CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission ...) - krb5 1.16.1-1 (bug #891869) [stretch] - krb5 <no-dsa> (Minor issue) - [jessie] - krb5 <no-dsa> (Minor issue) [wheezy] - krb5 <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission ...) - krb5 1.16.1-1 (bug #891869) [stretch] - krb5 <no-dsa> (Minor issue) - [jessie] - krb5 <no-dsa> (Minor issue) [wheezy] - krb5 <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[25 Jan 2019] DLA-1643-1 krb5 - security update + {CVE-2018-5729 CVE-2018-5730 CVE-2018-20217} + [jessie] - krb5 1.12.1+dfsg-19+deb8u5 [25 Jan 2019] DLA-1642-1 postgresql-9.4 - new upstream version [jessie] - postgresql-9.4 9.4.20-0+deb8u1 [25 Jan 2019] DLA-1641-1 mxml - security update ===================================== data/dla-needed.txt ===================================== @@ -63,10 +63,6 @@ imagemagick NOTE: new upstream version like the security team did with Graphicsmagick in NOTE: Stretch. (apo) -- -krb5 (Thorsten Alteholz) - NOTE: 20181230: probably some no-dsa should be fixed - NOTE: 20190120: patches ready, test suite ready, waiting for test results on wheezy (Thorsten) --- libav (Mike Gabriel) -- libraw (Abhijith PA) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f0828a345f8501c7155cfa2563921d1eb45eef28...6e9173110f040d67b946853e876ba7fc7eb8b543 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f0828a345f8501c7155cfa2563921d1eb45eef28...6e9173110f040d67b946853e876ba7fc7eb8b543 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits