[Git][security-tracker-team/security-tracker][master] 2 commits: Ignoring CVE-2019-6470 following decision for stretch.

[Ola Lundqvist]

Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a97a36f8 by Ola Lundqvist at 2019-05-11T21:12:34Z
Ignoring CVE-2019-6470 following decision for stretch.

- - - - -
0185a0b3 by Ola Lundqvist at 2019-05-11T21:17:32Z
Ignoring CVE-2017-12839 and CVE-2019-11059 following decision for stretch.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1954,6 +1954,7 @@ CVE-2019-11060
 CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 
64-bit exte ...)
        - u-boot <unfixed> (bug #928800)
        [stretch] - u-boot <no-dsa> (Minor issue)
+       [jessie] - u-boot <ignored> (Minor issue)
        NOTE: 
https://git.denx.de/?p=u-boot.git;a=commit;h=febbc583319b567fe3d83e521cc2ace9be8d1501
 CVE-2019-11058
        RESERVED
@@ -13961,6 +13962,7 @@ CVE-2019-6470 [DHCPv6 server crashes regularly]
        RESERVED
        - isc-dhcp 4.4.1-2 (bug #896122)
        [stretch] - isc-dhcp <ignored> (Issue triggerable only when build 
against bind >= 9.11.3)
+       [jessie] - isc-dhcp <ignored> (Issue triggerable only when build 
against bind >= 9.11.3)
        NOTE: https://bugs.isc.org/Public/Ticket/Display.html?id=48804
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1641246
        NOTE: 
https://bugs.launchpad.net/ubuntu/%2Bsource/isc-dhcp/%2Bbug/1781699
@@ -98975,6 +98977,7 @@ CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, 
bundled with the DESLock+ c
 CVE-2017-12839 (A heap-based buffer over-read in the getbits function in 
src/libmpg123 ...)
        - mpg123 1.25.6-1
        [stretch] - mpg123 <no-dsa> (Minor issue)
+       [jessie] - mpg123 <ignored> (Minor issue)
        NOTE: https://sourceforge.net/p/mpg123/bugs/255/
        NOTE: 
https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date
 CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 
1.5 allows ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8fe69ead64e09d535c4c2794cda9b2074d1dc675...0185a0b38c4126a34eb33cde1da139e8bbcf58e5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8fe69ead64e09d535c4c2794cda9b2074d1dc675...0185a0b38c4126a34eb33cde1da139e8bbcf58e5
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits