[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2019-14751 as no-dsa for Jessie
Thorsten Alteholz
alteholz at debian.org
Fri Aug 23 13:06:47 BST 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d88c7168 by Thorsten Alteholz at 2019-08-23T11:13:35Z
mark CVE-2019-14751 as no-dsa for Jessie
- - - - -
bbd80e0e by Thorsten Alteholz at 2019-08-23T11:45:07Z
add common-beanutils
- - - - -
55851d1e by Thorsten Alteholz at 2019-08-23T11:46:06Z
add icedtea-web
- - - - -
0c9c524d by Thorsten Alteholz at 2019-08-23T11:56:13Z
add libcrypto++
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2233,6 +2233,7 @@ CVE-2019-14752
RESERVED
CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...)
- nltk <unfixed> (bug #935201)
+ [jessie] - nltk <no-dsa> (Minor issue; user has to configure a compromised server)
NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/
NOTE: https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10
CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
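Review bot: The reason on the added `[jessie]` line rests only on the attack precondition (a compromised server that the user has configured) and says nothing about the fix, although the upstream fix commit is already linked in the NOTE two lines below. Consider extending the parenthetical, or adding a NOTE, to record whether that commit applies to the jessie version, so a later reader can tell "minor, not worth a DLA" apart from "minor, and hard to backport".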
=====================================
data/dla-needed.txt
=====================================
@@ -24,6 +24,8 @@ clamav (Hugo Lefeuvre)
NOTE: 20190822: upstream has released 0.101.4, wait for stretch update (see bug
NOTE: report) (hle)
--
+commons-beanutils
+--
dnsmasq (Mike Gabriel)
--
djvulibre (Thorsten Alteholz)
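Review bot: The added entry is `commons-beanutils`, but the commit message for bbd80e0e reads "add common-beanutils", so a search of the history for the package name will miss this commit. If the branch can still be amended, the message should use the same spelling as the entry.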
@@ -47,6 +49,8 @@ hdf5 (Hugo Lefeuvre)
NOTE: wait for the next HDF5 point release and either do full package upgrade
NOTE: or cherry pick fixes (hle)
--
+icedtea-web
+--
libav
NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no patch
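Review bot: The new `icedtea-web` entry is added bare, with no NOTE saying which CVE or bug put it on the list, while the entries around it (hdf5 above, libav below) carry NOTE lines explaining their state. A one-line NOTE naming the issue(s) to be fixed would save whoever claims the package from repeating the triage.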
@@ -54,6 +58,8 @@ libav
NOTE: 20190529: out patches yourself.
NOTE: 20190731: New CVEs occurred, need to be triaged.
--
+libcrypto++
+--
libmatio (Adrian Bunk)
NOTE: fairly high number of open issues. Not sure why we never had a look at them.
NOTE: triage work needed, help security team for fixes if needed.
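Review bot: The added `libcrypto++` entry has no dated NOTE, unlike the libav entry directly above it, whose notes use a `YYYYMMDD:` prefix. Adding a note in that form when the entry is created would let later readers of this file see how long the package has been waiting unclaimed.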
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e8e4c7f3b207eadb5204aa3324ee019b036c16c0...0c9c524d171da74eef4f92e12429009a7ae4cdc1