[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2018-19532 as no-dsa for jessie

Thorsten Alteholz alteholz at debian.org
Thu Nov 29 18:48:47 GMT 2018


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dde4f9cd by Thorsten Alteholz at 2018-11-29T18:42:01Z
mark CVE-2018-19532 as no-dsa for jessie

- - - - -
1db3eb70 by Thorsten Alteholz at 2018-11-29T18:42:01Z
nothing needs to be done with tcpdump

- - - - -
e4250239 by Thorsten Alteholz at 2018-11-29T18:42:01Z
add sleuthkit

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2995,6 +2995,7 @@ CVE-2018-19533
 CVE-2018-19532 (A NULL pointer dereference vulnerability exists in the function ...)
 	- libpodofo <unfixed> (low)
 	[stretch] - libpodofo <no-dsa> (Minor issue)
+	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/podofo/tickets/32/
 CVE-2018-19531 (HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote ...)
 	NOT-FOR-US: HTTL
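Review bot: The added `[jessie] - libpodofo <no-dsa> (Minor issue)` line copies the stretch triage verbatim and records nothing about whether the NULL pointer dereference is present in the libpodofo version shipped in jessie. If that was checked, a short NOTE line under the entry saying so would make the decision auditable. If the affected function is not present in jessie, `<not-affected>` would be the more accurate state than `<no-dsa>`.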


=====================================
data/dla-needed.txt
=====================================
@@ -50,15 +50,15 @@ samba (Emilio Pozuelo)
 salt (Mike Gabriel)
   NOTE: 20181128: Have spent 0.75h on looking for the actual commits that fixed both open CVEs.
   NOTE: 20181128: No such URLs / hints / messages in Git log found.
-  
+--
+sleuthkit
+  NOTE: seem to be more problems than mentioned in the CVE if nodesize == rec_off or (rec_off + keylen) == nodesize
 --
 symfony (Roberto C. Sánchez)
 --
 systemd
   NOTE: 20181119: tmpfiles.d issues remain, fix invasive, consider backporting all of tmpfiles.c (anarcat)
 --
-tcpdump (Thorsten Alteholz)
---
 tiff (Hugo Lefeuvre)
   NOTE: CVE-2018-19210: Working on a patch, see https://gitlab.com/libtiff/libtiff/merge_requests/47
   NOTE: CVE-2018-18661: Easy to patch, but unable to reproduce the error.
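Review bot: The new sleuthkit NOTE has neither the date prefix nor a CVE id, unlike the neighbouring entries (`NOTE: 20181128: ...`, `NOTE: CVE-2018-19210: ...`), so a later reader cannot tell which CVE "the CVE" refers to or when the observation was made. Suggest something of the form `NOTE: 20181129: CVE-...: seems to be more problems than mentioned ...` with the actual id filled in, and ideally a pointer to the file or function where the `nodesize == rec_off` and `(rec_off + keylen) == nodesize` boundary cases occur. Separately, the tcpdump entry is dropped here with only the commit message "nothing needs to be done with tcpdump" as rationale, and the data/CVE/list hunk in this push does not touch tcpdump, so the reason for the removal is not recorded anywhere in the tracker data.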



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/928dbe006d36c5fdee954e698ddcf13b0ff48acd...e425023983a207577efd0db945212d1e217cd7b5
