[Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: add ghostscript
Mike Gabriel
sunweaver at debian.org
Fri Aug 30 11:45:07 BST 2019
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03d7e457 by Mike Gabriel at 2019-08-30T10:43:47Z
data/dla-needed.txt: add ghostscript
- - - - -
e558dc56 by Mike Gabriel at 2019-08-30T10:44:17Z
data/dla-needed.txt: add irssi.
- - - - -
da2286f9 by Mike Gabriel at 2019-08-30T10:44:48Z
data/CVE/list: Triage golang/jessie.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2959,6 +2959,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles
- golang-1.8 <removed>
- golang-1.7 <removed>
- golang <removed>
+ [jessie] - golang <ignored> (Fix too invasive to backport, url.go file in jessie too far behind upstream)
NOTE: Issue: https://github.com/golang/go/issues/29098
NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11)
NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12)
@@ -19354,6 +19355,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
- golang-1.8 <removed>
- golang-1.7 <removed>
- golang <removed>
+ [jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
- nodejs <unfixed> (bug #934885)
[stretch] - nodejs <not-affected> (No HTTP2 support yet)
@@ -19390,6 +19392,7 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent
- golang-1.8 <removed>
- golang-1.7 <removed>
- golang <removed>
+ [jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
- trafficserver 8.0.5+ds-1 (bug #934887)
- h2o 2.2.5+dfsg2-3 (bug #934886)
=====================================
data/dla-needed.txt
=====================================
@@ -37,6 +37,8 @@ freeimage
NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
--
+ghostscript
+--
golang-go.crypto
NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby)
--
@@ -53,6 +55,8 @@ imagemagick
NOTE: 20190829: we also work on <no-dsa> issues whereas the security team would not.
NOTE: 20190829: Only claim this, if nothing more urgent is available in dla-needed.txt.
--
+irssi (Mike Gabriel)
+--
libav
NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no patch
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190830/c22bfe09/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list