[Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: add ghostscript

Fri Aug 30 11:45:07 BST 2019


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03d7e457 by Mike Gabriel at 2019-08-30T10:43:47Z
data/dla-needed.txt: add ghostscript

- - - - -
e558dc56 by Mike Gabriel at 2019-08-30T10:44:17Z
data/dla-needed.txt: add irssi.

- - - - -
da2286f9 by Mike Gabriel at 2019-08-30T10:44:48Z
data/CVE/list: Triage golang/jessie.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2959,6 +2959,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
 	- golang <removed>
+	[jessie] - golang <ignored> (Fix too invasive to backport, url.go file in jessie too far behind upstream)
 	NOTE: Issue: https://github.com/golang/go/issues/29098
 	NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11)
 	NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12)
@@ -19354,6 +19355,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
 	- golang <removed>
+	[jessie] - golang <not-affected> (No HTTP2 support yet)
 	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
 	- nodejs <unfixed> (bug #934885)
 	[stretch] - nodejs <not-affected> (No HTTP2 support yet)
@@ -19390,6 +19392,7 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
 	- golang <removed>
+	[jessie] - golang <not-affected> (No HTTP2 support yet)
 	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
 	- trafficserver 8.0.5+ds-1 (bug #934887)
 	- h2o 2.2.5+dfsg2-3 (bug #934886)


=====================================
data/dla-needed.txt
=====================================
@@ -37,6 +37,8 @@ freeimage
   NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
   NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
 --
+ghostscript
+--
 golang-go.crypto
   NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby)
 --
@@ -53,6 +55,8 @@ imagemagick
   NOTE: 20190829: we also work on <no-dsa> issues whereas the security team would not.
   NOTE: 20190829: Only claim this, if nothing more urgent is available in dla-needed.txt.
 --
+irssi (Mike Gabriel)
+--
 libav
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no patch



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190830/c22bfe09/attachment-0001.html>
