[Git][security-tracker-team/security-tracker][master] dla-needed: jinja2, liblivemedia and sox updates
Hugo Lefeuvre
hle at debian.org
Tue Apr 16 17:45:12 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9165ebae by Hugo Lefeuvre at 2019-04-16T16:44:20Z
dla-needed: jinja2, liblivemedia and sox updates
sox: nothing new, issues still open and unanswered.
liblivemedia: same, but I'm actually not sure upstream is aware of
these issues. I plan to contact them and see if they are planning to
address these vulnerabilities.
jinja2: reference my message on ML.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -63,7 +63,7 @@ imagemagick (Roberto C. Sánchez)
NOTE: 20190408: Still waiting on security team response to inquiries from (apo) and (roberto)
--
jinja2 (Hugo Lefeuvre)
- NOTE: patch available for CVE-2019-10906.
+ NOTE: 20190416: https://lists.debian.org/debian-lts/2019/04/msg00107.html
--
jruby
--
@@ -73,8 +73,10 @@ libav
NOTE: 20190401: has been found, so far. If you pick libav, be prepared to work
NOTE: 20190401: out patches yourself.
--
-liblivemedia
- NOTE: 20190318: CVE-2019-773{2,3}: wait for upstream patch - hle
+liblivemedia (Hugo Lefeuvre)
+ NOTE: 20190416: CVE-2019-773{2,3}: wait for upstream patch - hle
+ NOTE: not sure upstream is actually aware of these issues, probably need to
+ NOTE: contact them.
--
libmatio (Adrian Bunk)
NOTE: fairly high number of open issues. Not sure why we never had a look at them.
@@ -120,7 +122,7 @@ qt4-x11
NOTE: CVE-2018-19872 id. while we're at it (minor)
--
sox
- NOTE: 20190305: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time.
+ NOTE: 20190416: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time.
NOTE: Check again later. - hle
--
systemd (Mike Gabriel)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9165ebae70f25d51f688c4f1e88ed5a2af6d1f46
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9165ebae70f25d51f688c4f1e88ed5a2af6d1f46
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190416/4dbab1c0/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list