[Git][security-tracker-team/security-tracker][master] 2 commits: follow security team with CVE-2018-11489 and CVE-2018-11490

Thorsten Alteholz alteholz at debian.org
Fri Jul 27 14:09:22 BST 2018


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
921021c6 by Thorsten Alteholz at 2018-07-27T15:07:24+02:00
follow security team with CVE-2018-11489 and CVE-2018-11490

- - - - -
9c5b8a53 by Thorsten Alteholz at 2018-07-27T15:07:54+02:00
no CVEs remaining for giflib

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7819,12 +7819,14 @@ CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow unauthenti
 CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly ...)
 	- giflib <unfixed> (bug #904114)
 	[stretch] - giflib <no-dsa> (Minor issue)
+	[jessie] - giflib <no-dsa> (Minor issue)
 	NOTE: https://github.com/pts/sam2p/issues/38
 	NOTE: https://sourceforge.net/p/giflib/bugs/113/
 	NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
 CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly ...)
 	- giflib <unfixed> (bug #904113)
 	[stretch] - giflib <no-dsa> (Minor issue)
+	[jessie] - giflib <no-dsa> (Minor issue)
 	NOTE: https://github.com/pts/sam2p/issues/37
 	NOTE: https://sourceforge.net/p/giflib/bugs/112/
 	NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
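Review bot: the two added `[jessie] - giflib <no-dsa> (Minor issue)` lines copy the stretch reason verbatim, but neither entry says why the DGifDecompressLine issue is minor, and both still read `giflib <unfixed>` with open bugs #904114 and #904113. A short NOTE under each CVE stating the basis for the classification would let a later reader re-check the no-dsa decision without going through the sam2p and SourceForge threads.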


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -33,10 +33,6 @@ firefox-esr (Emilio Pozuelo)
   NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL.
   NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work.
 --
-giflib (Thorsten Alteholz)
-  NOTE: 20180717: As of today, no possible fix could be found for CVE-2018-11489 and
-  NOTE: 20180717: CVE-2018-11490 while triaging these issues.
---
 git-annex
   NOTE: 20180710: See #903037 for more information and a fix for Stretch.
 --
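Review bot: removing the giflib entry also drops the only record of the triage result, the two `NOTE: 20180717` lines saying no possible fix could be found for CVE-2018-11489 and CVE-2018-11490. Since both CVEs remain `<unfixed>` in data/CVE/list, consider carrying that finding over as a NOTE on each CVE entry there, so the reason nothing was uploaded for jessie stays visible once this file no longer mentions giflib.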



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8ffda325f869185c065cd69a805e4bb971866a43...9c5b8a53c0da829828b6d4eeaa2004388c212c37
