[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2019-19778 and CVE-2019-19777 as no-dsa for jessie

Sat Dec 14 19:15:05 GMT 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a3b2091 by Thorsten Alteholz at 2019-12-14T19:08:36Z
mark CVE-2019-19778 and CVE-2019-19777 as no-dsa for jessie

- - - - -
327b8ee4 by Thorsten Alteholz at 2019-12-14T19:10:42Z
add spamassassin

- - - - -
82de1f49 by Thorsten Alteholz at 2019-12-14T19:13:05Z
add cups

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,11 +40,13 @@ CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a heap-based
 	- libsixel <unfixed>
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/110
 CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
 	- libsixel <unfixed>
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/109
 CVE-2019-19776
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,8 @@ ansible
 clamav (Hugo Lefeuvre)
   NOTE: waiting for 0.102.1 to enter stretch/buster.
 --
+cups (Thorsten Alteholz)
+--
 freeimage (Hugo Lefeuvre)
   NOTE: 20191210: already released DLA-2031-1, still working on CVE-2019-12214 and CVE-2019-12212.
   NOTE: CVE-2019-12214: fuzzed with an ancient version of openjpeg, needs more investigation
@@ -98,6 +100,9 @@ slurm-llnl
   NOTE: 20191022: 750cc23edcc6fddfff21d33bdaf4fb7deb28cfda would be a start.(abhijith)
   NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
 --
+spamassassin
+  NOTE: 20191214: bugs not yet public
+--
 sqlite3 (Thorsten Alteholz)
   NOTE: 20191212: look at no-dsa as well
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7454b23f9586806e78a100d1161f24465314aafc...82de1f498a0825abd076a926b15fdae5a6bd6ece

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7454b23f9586806e78a100d1161f24465314aafc...82de1f498a0825abd076a926b15fdae5a6bd6ece
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191214/3bc5ff00/attachment-0001.html>
