[Git][security-tracker-team/security-tracker][master] 4 commits: add yara

Thu Dec 12 21:51:00 GMT 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6954ed3c by Thorsten Alteholz at 2019-12-12T21:50:43Z
add yara

- - - - -
28348ec9 by Thorsten Alteholz at 2019-12-12T21:50:43Z
add libssh

- - - - -
234a2351 by Thorsten Alteholz at 2019-12-12T21:50:43Z
add sqlite3

- - - - -
419e020c by Thorsten Alteholz at 2019-12-12T21:50:44Z
mark CVE-2017-18640 as no-dsa for jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1085,6 +1085,7 @@ CVE-2019-19727
 	RESERVED
 CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion during a l ...)
 	- snakeyaml <unfixed>
+	[jessie] - snakeyaml <no-dsa> (unclear security impact)
 	NOTE: https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
 CVE-2019-19726 (OpenBSD through 6.6 allows local users to escalate to root because a c ...)
 	NOT-FOR-US: OpenBSD


=====================================
data/dla-needed.txt
=====================================
@@ -60,6 +60,9 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20191208: work is ongoing
 --
+libssh
+  NOTE: 20191212: bug not public
+--
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
@@ -106,6 +109,9 @@ slurm-llnl
   NOTE: 20191022: 750cc23edcc6fddfff21d33bdaf4fb7deb28cfda would be a start.(abhijith)
   NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
 --
+sqlite3 (Thorsten Alteholz)
+  NOTE: 20191212: look at no-dsa as well
+--
 squid3
   NOTE: 20191210: Requires new API SBuf.
 --
@@ -122,3 +128,6 @@ xcftools (Hugo Lefeuvre)
 --
 xen
 --
+yara
+  NOTE: 20191212: no upstream fix yet
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bfac3ce183f364b37d3013ec6150f0ffac57272b...419e020cf39a4e011d9b9eed9a9b956a2c15825e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bfac3ce183f364b37d3013ec6150f0ffac57272b...419e020cf39a4e011d9b9eed9a9b956a2c15825e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191212/db5d584f/attachment.html>
