[Git][security-tracker-team/security-tracker][master] 5 commits: readd graphicsmagick

Thu Jun 28 11:47:24 BST 2018

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e376c9c by Thorsten Alteholz at 2018-06-28T12:44:02+02:00
readd graphicsmagick

- - - - -
f055cbea by Thorsten Alteholz at 2018-06-28T12:44:02+02:00
add intel-microcode

- - - - -
96565d92 by Thorsten Alteholz at 2018-06-28T12:44:03+02:00
follow security team for libraw

- - - - -
0562701a by Thorsten Alteholz at 2018-06-28T12:44:03+02:00
add tiff

- - - - -
d0e10800 by Thorsten Alteholz at 2018-06-28T12:44:04+02:00
follow security team for yara

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2339,10 +2339,12 @@ CVE-2018-12036 (OWASP Dependency-Check before 3.2.0 allows attackers to write to
 CVE-2018-12035 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule ...)
 	- yara 3.7.1-3 (low)
 	[stretch] - yara <no-dsa> (Minor issue)
+	[jessie] - yara <no-dsa> (Minor issue)
 	NOTE: https://github.com/VirusTotal/yara/issues/891
 CVE-2018-12034 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule ...)
 	- yara 3.7.1-3 (low)
 	[stretch] - yara <no-dsa> (Minor issue)
+	[jessie] - yara <no-dsa> (Minor issue)
 	NOTE: https://github.com/VirusTotal/yara/issues/891
 CVE-2018-12033
 	RESERVED
@@ -19365,16 +19367,19 @@ CVE-2018-5806 [NULL pointer dereference in leaf_hdr_load_raw() function in inter
 	RESERVED
 	- libraw 0.18.8-1 (low)
 	[stretch] - libraw <no-dsa> (Minor issue)
+	[jessie] - libraw <no-dsa> (Minor issue)
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
 CVE-2018-5805 [Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp]
 	RESERVED
 	- libraw 0.18.8-1 (low)
 	[stretch] - libraw <no-dsa> (Minor issue)
+	[jessie] - libraw <no-dsa> (Minor issue)
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
 CVE-2018-5804 [type confusion error in identify() function in internal/dcraw_common.cpp]
 	RESERVED
 	- libraw 0.18.8-1 (low)
 	[stretch] - libraw <no-dsa> (Minor issue)
+	[jessie] - libraw <no-dsa> (Minor issue)
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
 CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, ...)
 	{DSA-4188-1 DSA-4187-1 DLA-1369-1}


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -39,6 +39,10 @@ firefox-esr (Emilio Pozuelo)
 --
 git
 --
+graphicsmagick
+--
+intel-microcode
+--
 ipsec-tools
   NOTE: CVE-2016-10396 fixed in wheezy. No further point release so this should be fixed this way instead.
 --
@@ -101,6 +105,8 @@ slurm-llnl (Thorsten Alteholz)
 --
 thunderbird (Emilio Pozuelo)
 --
+tiff
+--
 tiff3 (Holger Levsen)
 --
 tomcat8 (Roberto C. Sánchez)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fe4875057be5bfe7846e5b73c02b67382cfe0638...d0e1080073d68a91cb1d550b1c93d6b3401bb873

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fe4875057be5bfe7846e5b73c02b67382cfe0638...d0e1080073d68a91cb1d550b1c93d6b3401bb873
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180628/15f96cb2/attachment.html>
