[Git][security-tracker-team/security-tracker][master] postgres DSA

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
016f8b3f by Moritz Muehlenhoff at 2019-08-08T20:12:08Z
postgres DSA
libopenmpt triage

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1505,19 +1505,22 @@ CVE-2019-14385
 CVE-2019-14384
 	RESERVED
 CVE-2019-14383 (J2B in libopenmpt before 0.4.2 allows an assertion failure during file ...)
-	- libopenmpt 0.4.2-1
+	- libopenmpt 0.4.2-1 (unimportant)
 	NOTE: https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/
 	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=11216
+	NOTE: Negligible security impact
 CVE-2019-14382 (DSM in libopenmpt before 0.4.2 allows an assertion failure during file ...)
-	- libopenmpt 0.4.2-1
+	- libopenmpt 0.4.2-1 (unimportant)
 	NOTE: https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/
 	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=11209
+	NOTE: Negligible security impact
 CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereferen ...)
 	- libopenmpt 0.4.3-1
 	[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2.x series)
 	NOTE: https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/
 CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...)
-	- libopenmpt 0.4.5-1
+	- libopenmpt 0.4.5-1 (low)
+	[buster] - libopenmpt <no-dsa> (Minor issue)
 	[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2 branch)
 	NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
 CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[08 Aug 2019] DSA-4493-1 postgresql-11 - security update
+	{CVE-2019-10208 CVE-2019-10209}
+	[buster] - postgresql-11 11.5-1+deb10u1
+[08 Aug 2019] DSA-4492-1 postgresql-9.6 - security update
+	{CVE-2019-10208}
+	[stretch] - postgresql-9.6 9.6.15-0+deb9u1
 [04 Aug 2019] DSA-4491-1 proftpd-dfsg - security update
 	{CVE-2019-12815}
 	[stretch] - proftpd-dfsg 1.3.5b-4+deb9u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/016f8b3f6ea31af4019b72162f71a8a9f5349b4e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/016f8b3f6ea31af4019b72162f71a8a9f5349b4e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190808/c3c37780/attachment-0001.html>