[Git][security-tracker-team/security-tracker][master] stretch triage

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
286cfb1b by Moritz Muehlenhoff at 2018-12-14T08:34:28Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2323,9 +2323,11 @@ CVE-2018-19872
 	RESERVED
 CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
 	RESERVED
-	- qtimageformats-opensource-src <unfixed>
+	- qtimageformats-opensource-src <unfixed> (low)
+	[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
 	[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
-	- qt4-x11 <unfixed>
+	- qt4-x11 <unfixed> (low)
+	[stretch] - qt4-x11 <no-dsa> (Minor issue)
 	[jessie] - qt4-x11 <postponed> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/237761/
@@ -2333,8 +2335,10 @@ CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
 CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
 	RESERVED
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
-	- qtbase-opensource-src <unfixed>
-	- qt4-x11 <unfixed>
+	- qtbase-opensource-src <unfixed> (low)
+	[stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
+	- qt4-x11 <unfixed> (low)
+	[stretch] - qt4-x11 <no-dsa> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/235998/
 	NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
@@ -77229,8 +77233,8 @@ CVE-2017-11431
 	RESERVED
 CVE-2017-11430
 	RESERVED
-	- ruby-omniauth-saml 1.10.0-1 (bug #892864)
-	NOTE: fixed in 1.10.0
+	- ruby-omniauth-saml <not-affected> (The actual vulnerability is in ruby-saml, which is used by the Debian package)
+	NOTE: The change in 1.10.0 simply bumps the version requirement
 	NOTE: https://github.com/omniauth/omniauth-saml/issues/156
 	NOTE: https://github.com/omniauth/omniauth-saml/pull/157
 	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/286cfb1bc87594ec4ccf1c5b18cfdf76b4915d4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/286cfb1bc87594ec4ccf1c5b18cfdf76b4915d4c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181214/d39b1dfb/attachment.html>