[Git][security-tracker-team/security-tracker][master] dla-needed: reclaim faad2 and hdf5

Hugo Lefeuvre hle at debian.org
Tue Apr 30 08:19:25 BST 2019 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90e6a2b7 by Hugo Lefeuvre at 2019-04-30T07:18:07Z
dla-needed: reclaim faad2 and hdf5

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -27,8 +27,8 @@ drupal7
 --
 evolution-ews
 --
-faad2
-  NOTE: 20190412: both patches for CVE-2018-20362 and CVE-2018-20194 merged by upstream.
+faad2 (Hugo Lefeuvre)
+  NOTE: 20190430: both patches for CVE-2018-20362 and CVE-2018-20194 merged by upstream.
   NOTE: need to check which other issues have been addressed by these fixes + one more
   NOTE: patch and we will be fit for upload.
 --
@@ -38,8 +38,8 @@ gradle
 --
 graphicsmagick
 --
-hdf5
-  NOTE: requires some prior triage, almost all cves undetermined.
+hdf5 (Hugo Lefeuvre)
+  NOTE: 20190430: requires some prior triage, almost all cves undetermined.
   NOTE: contacted hdf5 upstream, received information, currently updating the tracker.
   NOTE: CVE-2018-17432: Upstream claims to have fixed this in 1.10.5 (issue HDF-10590)
   NOTE: but not mentioned in release notes + no commit directly mentioning the issue
@@ -53,7 +53,7 @@ imagemagick
   NOTE: 20190408: Still waiting on security team response to inquiries from (apo) and (roberto)
 --
 jinja2 (Hugo Lefeuvre)
-  NOTE: 20190416: https://lists.debian.org/debian-lts/2019/04/msg00107.html
+  NOTE: 20190430: should probably be no-dsa https://lists.debian.org/debian-lts/2019/04/msg00107.html
 --
 jquery
   NOTE: 20190425: probably embedded versions need to be checked as well



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e6a2b745f036ed719b07813352249e64fce0e9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e6a2b745f036ed719b07813352249e64fce0e9
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190430/2a6550e8/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list