[Git][security-tracker-team/security-tracker][master] dla-needed update

Hugo Lefeuvre hle at debian.org
Fri Dec 7 11:31:22 GMT 2018 

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59eb7472 by Hugo Lefeuvre at 2018-12-07T11:31:05Z
dla-needed update

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -76,16 +76,15 @@ libav (Markus Koschany, Mike Gabriel)
   NOTE: 20181206: CVE-2016-9826: no patch available, PoC available (needs testing), currently <ignored>
 --
 libsndfile (Hugo Lefeuvre)
-  NOTE: 20181123: CVE-2018-19432 minor but several older CVEs triaged no-dsa (such as CVE-2017-8361)
-  NOTE: might be worth an upload in our case, especially because those have all been fixed in more
-  NOTE: recent versions, patches are not too complicated and we have more time
+  NOTE: 20181207: working on the next upload addressing older cves.
+  NOTE: also: most new cves appear to be duplicates, working on triage
 --
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
 openjpeg2 (Hugo Lefeuvre)
-  NOTE: planning a second batch of patches to fix the remaining issues worth taking time.
+  NOTE: working a second batch of patches to fix the remaining issues worth taking time.
   NOTE: The rest will wait for upstream patches/no-dsa
 --
 pdns (Abhijith PA)
@@ -118,6 +117,7 @@ systemd
 --
 tiff (Hugo Lefeuvre)
   NOTE: CVE-2018-19210: Working on a patch, see https://gitlab.com/libtiff/libtiff/merge_requests/47
+  NOTE: CVE-2018-19210: 20181207: still waiting for feedback from upstream
   NOTE: CVE-2018-18661: Easy to patch, but unable to reproduce the error.
   NOTE: CVE-2018-18661: Not possible to prove it fixes the specified vulnerability.
   NOTE: CVE-2018-18661: See thread starting at https://lists.debian.org/debian-lts/2018/11/msg00033.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59eb7472d95fa5ca310dbc2971e9967eb0b2a307

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59eb7472d95fa5ca310dbc2971e9967eb0b2a307
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181207/7de76b20/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list