[Git][security-tracker-team/security-tracker][master] Reserve DLA-1611-1 for libav

Mike Gabriel sunweaver at debian.org
Wed Dec 19 22:57:42 GMT 2018 

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99560196 by Mike Gabriel at 2018-12-19T22:57:02Z
Reserve DLA-1611-1 for libav

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Dec 2018] DLA-1611-1 libav - security update
+	{CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191}
+	[jessie] - libav 6:11.12-1~deb8u2
 [17 Dec 2018] DLA-1610-1 sleuthkit - security update
 	{CVE-2018-19497}
 	[jessie] - sleuthkit 4.1.3-4+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -52,34 +52,11 @@ libav (Markus Koschany, Mike Gabriel)
   NOTE: 20181129: "undetermined" issues. Then we can decide what CVE should be fixed ASAP.
   NOTE: 20181130: Adding my self as co-worker. Coordination of CVEs to be worked on: IRC
   NOTE: 20181130: #debian-lts.
-  NOTE: 20181130: CVE-2015-6761 (fixed): patch available, issue non-reproducible, vulnerable (maybe: not-affected instead)
-  NOTE: 20181130: CVE-2015-6818 (fixed): patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6820 (fixed): patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6821 (fixed): patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6822 (fixed): patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6823 (fixed): same patch as for CVE-2015-6822, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6824 (fixed): same patch as for CVE-2015-6822, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6825 (fixed): patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6826 (fixed): patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8216 (fixed): patch available (does not apply cleanly), issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8217 (fixed): similar patch applied, issue untested, not-affected (@apo: please double-check)
-  NOTE: 20181130: CVE-2015-8363: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8364: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8661: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8662: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8663: patch available (needs manual work), issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2016-10190: patch available (might need manual work), issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2016-10191: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2016-10192: vulnerable code not present (only in ffmpeg)
   NOTE: 20181130: CVE-2016-5115: patch unavailable (needs revisiting), issue reproducible, no-dsa (needs revisiting)
-  NOTE: 20181206: CVE-2016-5199: vulnerable code (QuickTime Metadata Keys support) not present
-  NOTE: 20181206: CVE-2016-9819: fix included, PoC available (needs testing), <not-affected>
-  NOTE: 20181206: CVE-2016-9820: fix included, PoC available (needs testing), <not-affected>
   NOTE: 20181206: CVE-2016-9823: no patch available, PoC available (needs testing), currently <no-dsa>
   NOTE: 20181206: CVE-2016-9824: no patch available, PoC available (needs testing), currently <no-dsa>
   NOTE: 20181206: CVE-2016-9825: no patch available, PoC available (needs testing), currently <ignored>
   NOTE: 20181206: CVE-2016-9826: no patch available, PoC available (needs testing), currently <ignored>
-  NOTE: 20181214: CVE-2014-9317 (fixed): patch available, issue untested (no PoC), vulnerable
 --
 libphp-phpmailer
   NOTE: 20181217: https://lists.debian.org/debian-lts/2018/12/msg00026.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99560196d461b7b48190fc8da8656932d904bac3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99560196d461b7b48190fc8da8656932d904bac3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181219/c5d3cd9d/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list