Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 77528b1d by Thorsten Alteholz at 2019-10-25T21:32:56Z mark CVE-2019-17455 as no-dsa for jessie - - - - - 646a340a by Thorsten Alteholz at 2019-10-25T21:33:42Z mark CVE-2019-18384 as no-dsa for jessie - - - - - 5bfe8287 by Thorsten Alteholz at 2019-10-25T21:37:38Z claim libarchive - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -204,6 +204,7 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 - python2.7 <unfixed> [buster] - python2.7 <not-affected> (Not exploitable, has CVE-2016-10739 fixed) [stretch] - python2.7 <no-dsa> (Minor issue) + [jessie] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue38576 CVE-2019-18347 RESERVED @@ -3271,6 +3272,7 @@ CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAu - libntlm <unfixed> (bug #942145) [buster] - libntlm <no-dsa> (Minor issue) [stretch] - libntlm <no-dsa> (Minor issue) + [jessie] - libntlm <no-dsa> (Minor issue) NOTE: https://gitlab.com/jas/libntlm/issues/2 CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...) NOT-FOR-US: Bento4 ===================================== data/dla-needed.txt ===================================== @@ -42,6 +42,8 @@ libapache2-mod-auth-openidc NOTE: 20191011: Upstream patch tightens validation but jessie does not appear NOTE: 20191011: to have any validation whatsoever on first glance. (lamby) -- +libarchive (Thorsten Alteholz) +-- libav NOTE: 20190831: There are currently 19 CVE issues known for libav in jessie, NOTE: 20190831: 11 tagged as <no-dsa>. These issues have been triaged, no patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3808b342c99f2d174ec3b45f0c77b54dcee7673...5bfe828785d47b9f3736b3fba305353c62c67ab4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3808b342c99f2d174ec3b45f0c77b54dcee7673...5bfe828785d47b9f3736b3fba305353c62c67ab4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits