[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2019-1020014 as no-dsa

Salvatore Bonaccorso carnil at debian.org
Thu Aug 8 20:30:44 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c07819dc by Salvatore Bonaccorso at 2019-08-08T10:40:44Z
Mark CVE-2019-1020014 as no-dsa

- - - - -
f66fd08e by Salvatore Bonaccorso at 2019-08-08T10:40:44Z
Track proposed fix for golang-github-docker-docker-credential-helpers via buster-pu

- - - - -
68154f71 by Salvatore Bonaccorso at 2019-08-08T19:29:54Z
Merge branch 'golang-github-docker-docker-credential-helpers-buster-pu'

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1803,6 +1803,7 @@ CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3
 	NOT-FOR-US: graphql-engine (aka Hasura GraphQL Engine)
 CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
 	- golang-github-docker-docker-credential-helpers 0.6.1-3 (bug #933801)
+	[buster] - golang-github-docker-docker-credential-helpers <no-dsa> (Minor issue, can be fixed in point release)
 	NOTE: https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
 CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
 	TODO: check


=====================================
data/next-point-update.txt
=====================================
@@ -40,3 +40,5 @@ CVE-2019-14267
 	[buster] - pdfresurrect 0.15-2+deb10u1
 CVE-2019-XXXX [clamav zip DoS]
 	[buster] - clamav 0.101.2+dfsg-1+deb10u1
+CVE-2019-1020014
+	[buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e94784557900e660e3cbbfa887998fedf2991da6...68154f717ff245aa17afdd09e3b11416ceca37a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e94784557900e660e3cbbfa887998fedf2991da6...68154f717ff245aa17afdd09e3b11416ceca37a1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190808/c467b406/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list