[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Wed Apr 24 21:58:45 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0427b3a by Moritz Muehlenhoff at 2019-04-24T20:58:23Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -121,10 +121,11 @@ CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3
 	[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
 CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
-	- atril <unfixed> (bug #927821)
-	- evince <unfixed> (bug #927820)
+	- atril <unfixed> (unimportant; bug #927821)
+	- evince <unfixed> (unimportant; bug #927820)
 	NOTE: https://gitlab.gnome.org/GNOME/evince/issues/1129
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7
+	NOTE: Negligible security impact
 CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...)
 	- linux 3.11.7-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
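Review bot: The added `NOTE: Negligible security impact` under CVE-2019-11459 records the conclusion but not the reason, so a later reader cannot tell why atril and evince were marked `unimportant`. Suggest putting the rationale in the note, as the libjpeg-turbo note in this same commit does with "Crash in CLI tools, no security impact".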
@@ -8370,21 +8371,19 @@ CVE-2019-8359
 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...)
 	NOT-FOR-US: Hiawatha
 CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c  ...)
-	- sox <unfixed> (low)
-	[buster] - sox <no-dsa> (Minor issue)
-	[stretch] - sox <no-dsa> (Minor issue)
+	- sox <unfixed> (low; bug #927906)
 	NOTE: https://sourceforge.net/p/sox/bugs/318
 	NOTE: https://sourceforge.net/p/sox/code/ci/2ce02fea7b350de9ddfbcf542ba4dd59a8ab255b/
 CVE-2019-8356 (An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2  ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #927906)
 	NOTE: https://sourceforge.net/p/sox/bugs/321
 	NOTE: https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/
 CVE-2019-8355 (An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integ ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #927906)
 	NOTE: https://sourceforge.net/p/sox/bugs/320
 	NOTE: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
 CVE-2019-8354 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c  ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #927906)
 	NOTE: https://sourceforge.net/p/sox/bugs/319
 	NOTE: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
 CVE-2019-8353
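Review bot: Under CVE-2019-8357 the `[stretch] - sox <no-dsa> (Minor issue)` line is removed along with the buster one, which leaves stretch with no recorded triage decision in a commit described as buster triage. If the intent was only to reopen buster via bug #927906, keep the stretch line. Separately, CVE-2019-8357 carries `low` while CVE-2019-8354, whose description names the same lsx_make_lpf in effect_i_dsp.c, has no severity; consider aligning the two.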
@@ -90260,9 +90259,7 @@ CVE-2017-15234
 CVE-2017-15233
 	RESERVED
 CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...)
-	- libjpeg-turbo <unfixed> (low; bug #878567)
-	[stretch] - libjpeg-turbo <ignored> (Minor issue)
-	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
+	- libjpeg-turbo <unfixed> (unimportant; bug #878567)
 	- libjpeg6b <not-affected> (Vulnerable code not present)
 	- libjpeg8 <not-affected> (Vulnerable code not present)
 	- libjpeg9 <not-affected> (Vulnerable code not present)
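Review bot: On CVE-2017-15232 the `[stretch] - libjpeg-turbo <ignored> (Minor issue)` and `[jessie] - libjpeg-turbo <no-dsa> (Minor issue)` lines are dropped while the entry moves from `low` to `unimportant`, but the commit message only says buster triage. Suggest mentioning in the message that the stretch and jessie annotations change too, so the history explains why they disappeared.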
@@ -90271,6 +90268,7 @@ CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c
 	NOTE: IJG libjpeg releases not affected, see https://lists.debian.org/debian-lts/2017/10/msg00061.html
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/073b0e88a192adebbb479ee2456beb089d8b5de7
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/5bc43c7821df982f65aa1c738f67fbf7cba8bd69
+	NOTE: Crash in CLI tools, no security impact
 CVE-2017-15231
 	RESERVED
 CVE-2017-15230
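Review bot: The added `NOTE: Crash in CLI tools, no security impact` attributes the crash to the CLI tools, while the CVE description places the NULL pointer dereference in jdpostct.c. Suggest the note say whether applications linking the library can reach the same code, since that is what justifies `unimportant` for the whole source package.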



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0427b3a6f83fcd238cab4ed17338d7c50440a8e
