[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2019-17455 as no-dsa for jessie

Fri, 25 Oct 2019 15:07:40 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77528b1d by Thorsten Alteholz at 2019-10-25T21:32:56Z
mark CVE-2019-17455 as no-dsa for jessie

- - - - -
646a340a by Thorsten Alteholz at 2019-10-25T21:33:42Z
mark CVE-2019-18384 as no-dsa for jessie

- - - - -
5bfe8287 by Thorsten Alteholz at 2019-10-25T21:37:38Z
claim libarchive

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -204,6 +204,7 @@ CVE-2019-18348 (An issue was discovered in urllib2 in 
Python 2.x through 2.7.17
        - python2.7 <unfixed>
        [buster] - python2.7 <not-affected> (Not exploitable, has 
CVE-2016-10739 fixed)
        [stretch] - python2.7 <no-dsa> (Minor issue)
+       [jessie] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue38576
 CVE-2019-18347
        RESERVED
@@ -3271,6 +3272,7 @@ CVE-2019-17455 (Libntlm through 1.5 relies on a fixed 
buffer size for tSmbNtlmAu
        - libntlm <unfixed> (bug #942145)
        [buster] - libntlm <no-dsa> (Minor issue)
        [stretch] - libntlm <no-dsa> (Minor issue)
+       [jessie] - libntlm <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/jas/libntlm/issues/2
 CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_Descriptor::GetTa ...)
        NOT-FOR-US: Bento4


=====================================
data/dla-needed.txt
=====================================
@@ -42,6 +42,8 @@ libapache2-mod-auth-openidc
   NOTE: 20191011: Upstream patch tightens validation but jessie does not appear
   NOTE: 20191011: to have any validation whatsoever on first glance. (lamby)
 --
+libarchive (Thorsten Alteholz)
+--
 libav
   NOTE: 20190831: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190831: 11 tagged as <no-dsa>. These issues have been triaged, no 
patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3808b342c99f2d174ec3b45f0c77b54dcee7673...5bfe828785d47b9f3736b3fba305353c62c67ab4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3808b342c99f2d174ec3b45f0c77b54dcee7673...5bfe828785d47b9f3736b3fba305353c62c67ab4
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to