[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2018-0490 & CVE-2018-0491 (tor) for wheezy; end-of-life in this distribution.
Chris Lamb
lamby at debian.org
Tue Mar 6 11:30:49 UTC 2018
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
809f0abd by Chris Lamb at 2018-03-06T11:29:15+00:00
Triage CVE-2018-0490 & CVE-2018-0491 (tor) for wheezy; end-of-life in this distribution.
- - - - -
13808bb6 by Chris Lamb at 2018-03-06T11:29:59+00:00
Triage graphicsmagick for LTS
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19977,11 +19977,13 @@ CVE-2018-0492
RESERVED
CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. ...)
- tor 0.3.2.10-1
+ [wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
NOTE: https://trac.torproject.org/projects/tor/ticket/25117
NOTE: https://trac.torproject.org/projects/tor/ticket/24700
NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before ...)
- tor 0.3.2.10-1
+ [wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
NOTE: https://trac.torproject.org/projects/tor/ticket/25074
NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service ...)
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -30,6 +30,8 @@ gcc-4.7 (Roberto C. Sánchez)
NOTE: Backport the retpoline support for spectre mitigation.
NOTE: Do we want/need it on this gcc version as well?
--
+graphicsmagick
+--
icu (Thorsten Alteholz)
NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in Chromium project; report is not visible to the public
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0b934907436077d28ae5fb1e0c7b056d8622e4d6...13808bb6e3a98ed8c4f0c25a5ae650132603bedc
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0b934907436077d28ae5fb1e0c7b056d8622e4d6...13808bb6e3a98ed8c4f0c25a5ae650132603bedc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180306/d19ea693/attachment.html>
More information about the Secure-testing-commits
mailing list