[Git][security-tracker-team/security-tracker][master] 5 commits: data/dla-needed.txt: Triage nsis for jessie.

Sun Oct 7 08:49:41 BST 2018

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae453c95 by Chris Lamb at 2018-10-07T07:42:04Z
data/dla-needed.txt: Triage nsis for jessie.

- - - - -
9c8fab59 by Chris Lamb at 2018-10-07T07:42:10Z
Triage binutils for jessie LTS.

- - - - -
758726bf by Chris Lamb at 2018-10-07T07:43:22Z
data/dla-needed.txt: Triage clamav for jessie.

- - - - -
f2df808c by Chris Lamb at 2018-10-07T07:48:59Z
data/dla-needed.txt: Triage libpdfbox-java for jessie.

- - - - -
e6386112 by Chris Lamb at 2018-10-07T07:49:19Z
data/dla-needed.txt: Standardise the use of my name for clarity.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,6 +75,7 @@ CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the pa
 CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
 CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 ...)
 	NOT-FOR-US: ISPConfig


=====================================
data/dla-needed.txt
=====================================
@@ -15,6 +15,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 --
 adplug (Chris Lamb)
 --
+clamav
+--
 enigmail
   NOTE: 20180926: see 871s9fps8e.fsf at curie.anarc.at before working on this (anarcat)
 --
@@ -25,7 +27,7 @@ firefox-esr (Emilio Pozuelo)
   NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work.
 --
 gnutls28 (Antoine Beaupre)
-  NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (lamby)
+  NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (Chris Lamb)
 --
 jekyll (Abhijith PA)
 --
@@ -36,6 +38,9 @@ libav (Hugo Lefeuvre)
   NOTE: 20180529: Help is welcome, feel free to mail Hugo. Still up-to-date. Help needed for CVE triage and patch development.
   NOTE: 20180529: Just contacted some of the CVE reporters to ask for the reproducers, CC-ed team ML.
 --
+libpdfbox-java
+  NOTE: 20181007: Can't find the upstream fixing commit atm (Chris Lamb)
+--
 libspring-java (Abhijith PA)
 --
 linux (Ben Hutchings)
@@ -44,6 +49,10 @@ linux-4.9 (Ben Hutchings)
 --
 mysql-5.5 (Emilio Pozuelo)
 --
+nsis
+  NOTE: 20181007: Windows installer, but issue was reported by gpg4win so
+  NOTE: 20181007: likely affects UNIX systems. (Chris Lamb)
+--
 openjdk-7 (Emilio Pozuelo)
 --
 openjpeg2 (Hugo Lefeuvre)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/be512e3c5730ca63d273867b89a179ec237e4fda...e6386112d163da1bc7109694f332496d864586d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/be512e3c5730ca63d273867b89a179ec237e4fda...e6386112d163da1bc7109694f332496d864586d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181007/f0e9bc92/attachment-0001.html>
