[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Add missing note attributions.

[Chris Lamb]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97855ee7 by Chris Lamb at 2018-12-13T21:08:22Z
data/dla-needed.txt: Add missing note attributions.

- - - - -
cfd92739 by Chris Lamb at 2018-12-13T21:10:17Z
Triage CVE-2018-20102 & CVE-2018-20103 for jessie LTS; vulnerable code not present in haproxy.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,9 +89,11 @@ CVE-2018-20104
 	RESERVED
 CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the case ...)
 	- haproxy <unfixed> (bug #916307)
+	[jessie] - haproxy <not-affected> (Vulnerable code not present)
 	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25
 CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c was ...)
 	- haproxy <unfixed> (bug #916308)
+	[jessie] - haproxy <not-affected> (Vulnerable code not present)
 	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0
 CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 1.12.1 ...)
 	NOT-FOR-US: codection "Import users from CSV with meta" plugin for WordPress


=====================================
data/dla-needed.txt
=====================================
@@ -20,7 +20,7 @@ exiv2 (Thorsten Alteholz)
   NOTE: 20181202: also recheck other CVEs (Thorsten)
 --
 faad2
-  NOTE: 20181214: No known patch yet. Not urgent but would be good to fix.
+  NOTE: 20181214: No known patch yet. Not urgent but would be good to fix. (opal)
 --
 freerdp (Mike Gabriel)
   NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
@@ -42,8 +42,6 @@ ghostscript (Lucas Kanashiro)
 --
 gnutls28
 --
-haproxy
---
 jasper
 --
 libapache-mod-jk (Roberto C. Sánchez)
@@ -123,7 +121,7 @@ policykit-1 (Santiago)
 qemu
 --
 qtbase-opensource-src
-  NOTE: 20181214: Low priority but could be good to fix. Simple patches.
+  NOTE: 20181214: Low priority but could be good to fix. Simple patches. (opal)
 --
 samba (Emilio Pozuelo)
   NOTE: 20181203: regression in upstream fix, waiting for confirmed regression fix



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b3a4d47346b2dc3a596cd8153dc8b56a1fc761d6...cfd92739662dc1eac962a325655edb2ae1579a02

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b3a4d47346b2dc3a596cd8153dc8b56a1fc761d6...cfd92739662dc1eac962a325655edb2ae1579a02
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181213/0c5055fa/attachment-0001.html>