[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-6477 as not-affected for jessie

Thorsten Alteholz alteholz at debian.org
Mon Dec 2 06:59:21 GMT 2019



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca46f2f6 by Thorsten Alteholz at 2019-12-02T06:58:43Z
mark CVE-2019-6477 as not-affected for jessie

- - - - -
b935e915 by Thorsten Alteholz at 2019-12-02T06:59:05Z
no more CVEs for bind9

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -41182,6 +41182,7 @@ CVE-2019-6477 (With pipelining enabled each incoming query on a TCP connection r
 	- bind9 <unfixed> (bug #945171)
 	[buster] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
 	[stretch] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
+	[jessie] - bind9 <not-affected> (Vulnerable code not present)
 	NOTE: https://kb.isc.org/docs/cve-2019-6477
 CVE-2019-6476 (A defect in code added to support QNAME minimization can cause named t ...)
 	- bind9 <not-affected> (Vulnerable code not present)


=====================================
data/dla-needed.txt
=====================================
@@ -15,9 +15,6 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102)
 --
-bind9 (Thorsten Alteholz)
-  NOTE: no point release in Jessie, so fix it here
---
 clamav (hle)
 --
 exiv2 (daissi)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/886b48daafb65f99e2f99831f658154b3b6cbf9f...b935e9157c183cefb6cc8e583c9785486b1cfcc3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/886b48daafb65f99e2f99831f658154b3b6cbf9f...b935e9157c183cefb6cc8e583c9785486b1cfcc3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191202/33589fec/attachment.html>


More information about the debian-security-tracker-commits mailing list