[Git][security-tracker-team/security-tracker][master] dla-needed: jinja2, liblivemedia and sox updates

Hugo Lefeuvre hle at debian.org
Tue Apr 16 17:45:12 BST 2019 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9165ebae by Hugo Lefeuvre at 2019-04-16T16:44:20Z
dla-needed: jinja2, liblivemedia and sox updates

sox: nothing new, issues still open and unanswered.

liblivemedia: same, but I'm actually not sure upstream is aware of
these issues. I plan to contact them and see if they are planning to
address these vulnerabilities.

jinja2: reference my message on ML.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -63,7 +63,7 @@ imagemagick (Roberto C. Sánchez)
   NOTE: 20190408: Still waiting on security team response to inquiries from (apo) and (roberto)
 --
 jinja2 (Hugo Lefeuvre)
-  NOTE: patch available for CVE-2019-10906.
+  NOTE: 20190416: https://lists.debian.org/debian-lts/2019/04/msg00107.html
 --
 jruby
 --
@@ -73,8 +73,10 @@ libav
   NOTE: 20190401: has been found, so far. If you pick libav, be prepared to work
   NOTE: 20190401: out patches yourself.
 --
-liblivemedia
-  NOTE: 20190318: CVE-2019-773{2,3}: wait for upstream patch - hle
+liblivemedia (Hugo Lefeuvre)
+  NOTE: 20190416: CVE-2019-773{2,3}: wait for upstream patch - hle
+  NOTE: not sure upstream is actually aware of these issues, probably need to
+  NOTE: contact them.
 --
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at them.
@@ -120,7 +122,7 @@ qt4-x11
   NOTE: CVE-2018-19872 id. while we're at it (minor)
 --
 sox
-  NOTE: 20190305: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time.
+  NOTE: 20190416: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time.
   NOTE: Check again later. - hle
 --
 systemd (Mike Gabriel)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9165ebae70f25d51f688c4f1e88ed5a2af6d1f46

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9165ebae70f25d51f688c4f1e88ed5a2af6d1f46
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190416/4dbab1c0/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list