<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Markus Koschany pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/e405dd55a933e0c07544f43b162baf0899b29780">e405dd55</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2019-11-08T23:10:10Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark libgig CVE as unfixed in unstable

I could reproduce all issues in unstable. Buster is most likely also affected.

Some CVE cannot be reproduced in Jessie and Stretch because in these versions

the required gigtools (gigmerge, gig2stereo) are not available to confirm the

ASAN reports. However affected code does still exist AFAICS. It may be possible to

trigger the same bug via a different code path.

Upstream confirmed to me via private email that there was no work on CVE-2018-*

issues. I will go into more details by responding to Debian bug #931309.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/e405dd55a933e0c07544f43b162baf0899b29780#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/e405dd55a933e0c07544f43b162baf0899b29780">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/e405dd55a933e0c07544f43b162baf0899b29780"}}</script>

</p>

</div>

</body>

</html>