[Git][security-tracker-team/security-tracker][master] Triage results.
Ola Lundqvist
opal at debian.org
Thu Dec 13 20:40:29 GMT 2018
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b4aedae by Ola Lundqvist at 2018-12-13T20:39:44Z
Triage results.
- - - - -
3 changed files:
- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -178,6 +178,7 @@ CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x th
CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP ...)
- python-urllib3 1.24-1
[stretch] - python-urllib3 <no-dsa> (Minor issue)
+ [jessie] - python-urllib3 <ignored> (Minor issue)
NOTE: https://github.com/urllib3/urllib3/issues/1316
NOTE: https://github.com/urllib3/urllib3/pull/1346
NOTE: https://github.com/urllib3/urllib3/commit/3d7f98b07b6e6e04c2e89cdf5afb18024a2d804c
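Review bot: the added [jessie] line marks python-urllib3 as <ignored>, while the [stretch] line directly above it uses <no-dsa> with the identical reason "Minor issue". <ignored> records a decision not to fix, and the NOTE lines below link an upstream pull request and fix commit. Either use <no-dsa> or <postponed> for jessie as well, or replace "Minor issue" with the reason a backport is not planned for jessie.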
@@ -2576,6 +2577,8 @@ CVE-2018-19778
RESERVED
CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the function ...)
- mupdf <unfixed> (bug #915137)
+ [stretch] - mupdf <ignored> (Minor issue)
+ [jessie] - mupdf <ignored> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700301
CVE-2018-19776
RESERVED
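Review bot: the two added lines close CVE-2018-19777 as <ignored> for stretch and jessie while the unstable entry above is still <unfixed> (bug #915137) and no upstream fix is referenced in the NOTE. With no patch to evaluate yet, <postponed> or <no-dsa> would keep the entry visible for re-triage once the bug is resolved. If <ignored> is intended, the reason should say why an infinite loop in mupdf is out of scope for these releases rather than just "Minor issue".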
@@ -5895,6 +5898,7 @@ CVE-2018-19505
RESERVED
CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
- faad2 <unfixed> (bug #914641)
+ [jessie] - faad2 <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/faac/bugs/240/
CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
- faad2 <unfixed> (bug #914641)
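Review bot: the [jessie] <postponed> line is added under CVE-2018-19504 only, while CVE-2018-19503 directly below has the same package and the same bug #914641 and receives no jessie annotation in this hunk. Please confirm whether CVE-2018-19503 should carry the same line. Also note that this commit adds faad2 to data/dla-needed.txt, so the reason here could point to that entry instead of "Minor issue" to make clear which faad2 CVEs the LTS entry is meant to cover.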
@@ -42992,10 +42996,14 @@ CVE-2018-5810 (An error within the "rollei_load_raw()" function ...)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function ...)
- libraw 0.18.11-1
+ [stretch] - libraw <ignored> (Minor issue)
+ [jessie] - libraw <ignored> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function ...)
- libraw 0.18.11-1
+ [stretch] - libraw <ignored> (Minor issue)
+ [jessie] - libraw <ignored> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function ...)
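Review bot: CVE-2018-5809 and CVE-2018-5808 both get <ignored> for stretch and jessie even though each entry lists a fixed version (0.18.11-1) and the same upstream commit. If that commit cannot be backported, say so in the parenthesised reason instead of "Minor issue". If it can, <no-dsa> or <postponed> leaves the entries open for a later point release or LTS upload.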
=====================================
data/dla-needed.txt
=====================================
@@ -19,6 +19,9 @@ enigmail
exiv2 (Thorsten Alteholz)
NOTE: 20181202: also recheck other CVEs (Thorsten)
--
+faad2
+ NOTE: 20181214: No known patch yet. Not urgent but would be good to fix.
+--
freerdp (Mike Gabriel)
NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I will ask upstream
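Review bot: the NOTE on the new faad2 entry is dated 20181214, but the commit is timestamped 2018-12-13T20:39:44Z, and unlike the neighbouring exiv2 and freerdp notes it carries no author tag such as "(Thorsten)". Correct the date and add the triager's name so a later reader knows whom to ask. "Would be good to fix" also sits oddly next to the <postponed> state added for CVE-2018-19504 in data/CVE/list, so the note should name the CVEs that justify keeping faad2 in this file.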
@@ -37,6 +40,8 @@ freerdp (Mike Gabriel)
--
ghostscript (Lucas Kanashiro)
--
+gnutls28
+--
jasper
--
libapache-mod-jk (Roberto C. Sánchez)
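Review bot: gnutls28 is added with no NOTE, and this commit makes no gnutls28 change in data/CVE/list, so the diff gives no way to tell which CVE prompted the entry. Add a dated NOTE line naming the CVE or bug, in the same form as the other entries in this file.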
@@ -86,6 +91,8 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
+nettle
+--
nss
NOTE: 20181212: Bug report not public but it is likely that the package is vulnerable. Maintainer not contacted
NOTE: 20181212: yet. Further investigation needed.
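Review bot: the nettle entry has no NOTE, while the nss entry immediately below shows the dated-note convention used to explain why a package is listed. Add a line stating the CVE being tracked, and if this entry is tied to the gnutls28 addition earlier in this file, say so here so the two are handled together.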
=====================================
data/dsa-needed.txt
=====================================
@@ -23,6 +23,8 @@ ghostscript
--
glusterfs
--
+gnutls28
+--
libapache-mod-jk
Maintainer proposing an update (and backportig the buster version)
--
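Review bot: gnutls28 is added here and in data/dla-needed.txt in the same commit, both times without a status line, whereas the libapache-mod-jk entry below records what is being done. A one-line note with the CVE identifier would help, since the commit message "Triage results." does not name any package or issue either.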
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b4aedae40849afa22ba09826506b3a52ec71c0a