<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/437baa1d52e7ab33eb248bd2358895e745ae5da3">437baa1d</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-07-16T19:20:26Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add CVE-2019-1010060/cfitsio

After query to MITRE the reason behind that there is one additional CVE,

is that there were other security wise sensitive issues fixed in 3.43

but not covered by the CVEs  CVE-2018-3846, CVE-2018-3847,

CVE-2018-3848, and CVE-2018-3849. One example is given in the NOTE

itself.

The above CVEs were only to adress issues in the gphd, ffgtkn, ffgkyn,

ffghbn, and ffghtb functions. However, the upgrade from 3.42 to 3.43

also has many other changes.

As CVE-2019-1010060 mentions: "over 40 source code files were changed."

It is not woth trying to trackle all those for stretch (and probably

older). So marking stretch as no-dsa in accordance with the setting for

CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/437baa1d52e7ab33eb248bd2358895e745ae5da3#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/437baa1d52e7ab33eb248bd2358895e745ae5da3">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/437baa1d52e7ab33eb248bd2358895e745ae5da3"}}</script>

</p>

</div>

</body>

</html>