[Git][security-tracker-team/security-tracker][master] 2 commits: data/DLA/list: Manually fix DLA-1611-1. Not resolved: CVE-2015-6823 and…

Thu Dec 20 22:35:37 GMT 2018

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c4ca581 by Mike Gabriel at 2018-12-20T22:34:59Z
data/DLA/list: Manually fix DLA-1611-1. Not resolved: CVE-2015-6823 and CVE-2015-6824 (fix is on its way...).

- - - - -
1a01a65f by Mike Gabriel at 2018-12-20T22:34:59Z
Reserve DLA-1611-2 for libav

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,5 +1,8 @@
+[20 Dec 2018] DLA-1611-2 libav - security update
+	{CVE-2015-6822 CVE-2015-6823 CVE-2015-6824}
+	[jessie] - libav 6:11.12-1~deb8u3
 [19 Dec 2018] DLA-1611-1 libav - security update
-	{CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191}
+	{CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191}
 	[jessie] - libav 6:11.12-1~deb8u2
 [17 Dec 2018] DLA-1610-1 sleuthkit - security update
 	{CVE-2018-19497}


=====================================
data/dla-needed.txt
=====================================
@@ -63,10 +63,10 @@ libav (Markus Koschany, Mike Gabriel)
   NOTE: 20181206: CVE-2016-9824: no patch available, PoC available (needs testing), currently <no-dsa>
   NOTE: 20181206: CVE-2016-9825: no patch available, PoC available (needs testing), currently <ignored>
   NOTE: 20181206: CVE-2016-9826: no patch available, PoC available (needs testing), currently <ignored>
-  NOTE: 20181220: Due to a flaw in security-tracker, CVE-2015-6823 and CVE-2015-6824 are not fixed in
-  NOTE: 20181220: +deb8u2 as mentioned in the changelog. The CVE/list file has now been updated with the
-  NOTE: 20181220: correct patches.
---
+  NOTE: 20181220: All CVEs from 2015 and 2016 that have been +/- "easily" addressable have been uploaded (+deb8u3).
+  NOTE: 20181220: Markus Koschany will now work on CVEs from 2017 and 2018 at the end of December.
+  NOTE: 20181220: Then, in January, we will see what's left and if anything else is "easily" doable.
+---
 libphp-phpmailer
   NOTE: 20181217: https://lists.debian.org/debian-lts/2018/12/msg00026.html
   NOTE: 20181218: $this->DKIM_private_string introduced in 5.2.17. (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/02ecccdc90422dab4d323bf612cd84d4601151c1...1a01a65f5fa81f5587e1f87b9f299bb55369076c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/02ecccdc90422dab4d323bf612cd84d4601151c1...1a01a65f5fa81f5587e1f87b9f299bb55369076c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181220/78dbf13b/attachment-0001.html>
