[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Thu Apr 4 22:04:28 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56702eea by Moritz Muehlenhoff at 2019-04-04T21:03:58Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2173,6 +2173,7 @@ CVE-2019-9905
 	RESERVED
 CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...)
 	- graphviz <unfixed> (low; bug #925284)
+	[buster] - graphviz <no-dsa> (Minor issue)
 	[stretch] - graphviz <no-dsa> (Minor issue)
 	[jessie] - graphviz <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
@@ -6702,7 +6703,9 @@ CVE-2019-8359
 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...)
 	NOT-FOR-US: Hiawatha
 CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c  ...)
-	- sox <unfixed>
+	- sox <unfixed> (low)
+	[buster] - sox <no-dsa> (Minor issue)
+	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/318
 CVE-2019-8356 (An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2  ...)
 	- sox <unfixed>
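Review bot: CVE-2019-8356 in the trailing context is still a bare `- sox <unfixed>` with no severity, while CVE-2019-8357 directly above it now carries (low) plus [buster] and [stretch] <no-dsa> lines. Both entries are SoX 14.4.2 issues, so if the same assessment holds, triage them in the same commit; any release tags for CVE-2019-8356 fall outside the visible context. The commit message says "buster triage" but this hunk also adds a [stretch] line and changes the unstable severity, which the message should mention.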
@@ -10702,6 +10705,7 @@ CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the admin.php?mod=product&ac
 	NOT-FOR-US: PHPSHE
 CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For examp ...)
 	- lua5.3 <unfixed> (bug #920321)
+	[buster] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
 	- lua5.2 <not-affected> (Vulnerable code introduced later)
 	- lua5.1 <not-affected> (Vulnerable code introduced later)
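Review bot: the added [buster] line says "revisit when fixed upstream", but the visible lines of the CVE-2019-6706 entry reference only bug #920321 and no NOTE: pointing at an upstream report or patch. Adding a NOTE: with the upstream reference would give whoever revisits the <postponed> state something concrete to check against.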
@@ -24460,6 +24464,7 @@ CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a b
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
 	- qt4-x11 <unfixed> (low; bug #923003)
+	[buster] - qt4-x11 <no-dsa> (Minor issue)
 	[stretch] - qt4-x11 <no-dsa> (Minor issue)
 	[jessie] - qt4-x11 <ignored> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
@@ -24476,6 +24481,7 @@ CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile U
 	[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
 	[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
 	- qt4-x11 <unfixed> (low; bug #923003)
+	[buster] - qt4-x11 <no-dsa> (Minor issue)
 	[stretch] - qt4-x11 <no-dsa> (Minor issue)
 	[jessie] - qt4-x11 <postponed> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
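Review bot: next to the added [buster] qt4-x11 line, the [jessie] qt4-x11 state here is <postponed>, whereas the CVE-2018-19873 and CVE-2018-19870 entries in this same patch show [jessie] as <ignored>, all under bug #923003 with the same "Minor issue" reason. The new <no-dsa> lines are consistent across the three entries; while these entries are being touched, confirm that the jessie difference is intentional.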
@@ -24487,6 +24493,7 @@ CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF ima
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
 	- qt4-x11 <unfixed> (low; bug #923003)
+	[buster] - qt4-x11 <no-dsa> (Minor issue)
 	[stretch] - qt4-x11 <no-dsa> (Minor issue)
 	[jessie] - qt4-x11 <ignored> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/56702eead52b6138e7d4aa13835cfbeebaf85bd8
