[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-19869/qtsvg-opensource-src no-dsa on jessie

Emilio Pozuelo Monfort pochu at debian.org
Thu Dec 13 10:57:02 GMT 2018


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a453a9ad by Emilio Pozuelo Monfort at 2018-12-13T10:56:41Z
CVE-2018-19869/qtsvg-opensource-src no-dsa on jessie

- - - - -
1720a0c8 by Emilio Pozuelo Monfort at 2018-12-13T10:56:42Z
CVE-2018-19871 affects qt4-x11 too

- - - - -
1323e517 by Emilio Pozuelo Monfort at 2018-12-13T10:56:43Z
CVE-2018-19871 postponed in jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2269,9 +2269,12 @@ CVE-2018-19872
 CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
 	RESERVED
 	- qtimageformats-opensource-src <unfixed>
+	[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
+	- qt4-x11 <unfixed>
+	[jessie] - qt4-x11 <postponed> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/237761/
-	TODO: check for completeness, possibly as well qt4-x11
+	NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
 CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
 	RESERVED
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
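
Review bot: Replacing the TODO in the CVE-2018-19871 entry with `NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp` answers the qt4-x11 half of that TODO but drops the "check for completeness" half without stating a result. If other source packages were checked and found unaffected, record that in a NOTE; if not, keep a narrowed TODO. The new NOTE would also be easier to re-verify later if it named the qt4-x11 version that was inspected.
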
@@ -2283,6 +2286,7 @@ CVE-2018-19869 [Fix crash when parsing malformed url reference]
 	RESERVED
 	- qtsvg-opensource-src <unfixed> (low)
 	[stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
+	[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/234142/
 	TODO: check for completeness, possibly as well qt4-x11
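
Review bot: The CVE-2018-19869 entry gains `[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)` while the trailing context line `TODO: check for completeness, possibly as well qt4-x11` stays in place, so the entry records a jessie decision with the qt4-x11 question still open. The CVE-2018-19871 hunk above replaced the same TODO with a NOTE; once qt4-x11 has been checked for this issue, replace the TODO here in the same way, or add a qt4-x11 line if it turns out to be affected.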


=====================================
data/dla-needed.txt
=====================================
@@ -110,9 +110,6 @@ policykit-1 (Santiago)
 --
 qemu
 --
-qtsvg-opensource-src
-  NOTE: 20181210: Needs more investigation around related packages/upstream etc. (lamby)
---
 samba (Emilio Pozuelo)
   NOTE: 20181203: regression in upstream fix, waiting for confirmed regression fix
 --
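
Review bot: Removing the qtsvg-opensource-src entry also deletes the 20181210 note that more investigation around related packages and upstream was needed, and nothing in the visible changes records how that investigation concluded. A short NOTE under CVE-2018-19869 in data/CVE/list stating the outcome would preserve that context, since dla-needed.txt no longer carries it.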



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f4d34a425014997c470de99b8b56b30c47c893fc...1323e517fa4b719257b1d55aaed2d34fc34295cf
