[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2019-17632 as not affected in Jessie

Thorsten Alteholz alteholz at debian.org
Sun Dec 15 22:46:54 GMT 2019



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d46e27e by Thorsten Alteholz at 2019-12-15T22:41:55Z
mark CVE-2019-17632 as not affected in Jessie

- - - - -
cb6333f8 by Thorsten Alteholz at 2019-12-15T22:46:08Z
CVE will be fixed now

- - - - -
5d6c4a09 by Thorsten Alteholz at 2019-12-15T22:46:39Z
Reserve DLA-2035-1 for libpgf

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12278,7 +12278,9 @@ CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, an
 	[buster] - jetty9 <no-dsa> (Minor issue)
 	[stretch] - jetty9 <no-dsa> (Minor issue)
 	- jetty8 <removed>
+	[jessie] - jetty8 <not-affected> (vulnerable code introduced later)
 	- jetty <removed>
+	[jessie] - jetty <not-affected> (vulnerable code introduced later)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443
 CVE-2019-17631 (From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such ...)
 	NOT-FOR-US: Eclipse OpenJ9
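Review bot: the justification on the two added [jessie] lines, "(vulnerable code introduced later)", does not say later than what. The CVE description in the hunk header lists the affected releases starting at 9.4.21.v20190926, so naming the first affected version in the parenthesised reason would let a reader verify the not-affected status for jetty8 and jetty without following the Eclipse bug link in the NOTE line.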
@@ -206094,7 +206096,6 @@ CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in D
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. ...)
 	- libpgf 6.14.12-3.2 (bug #798032)
-	[jessie] - libpgf <no-dsa> (Minor issue, can be fixed via a point release)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
 	NOTE: Details on the CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/25/9
 	NOTE: https://sourceforge.net/p/libpgf/code/147/
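Review bot: removing the [jessie] <no-dsa> line under CVE-2015-6673 leaves this entry with no jessie annotation at all, and the commit message "CVE will be fixed now" names neither the CVE nor libpgf. The jessie fixed version only appears in the data/DLA/list hunk of the same push, so either squash this with the DLA reservation or expand the message to mention CVE-2015-6673 and libpgf, so the removal is understandable when read on its own in the history.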


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Dec 2019] DLA-2035-1 libpgf - security update
+	{CVE-2015-6673}
+	[jessie] - libpgf 6.14.12-3+deb8u1
 [14 Dec 2019] DLA-2034-1 davical - security update
 	{CVE-2019-18345 CVE-2019-18346 CVE-2019-18347}
 	[jessie] - davical 1.1.3.1-1+deb8u1
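Review bot: the added DLA-2035-1 entry is now the only place in this push that records a jessie status for CVE-2015-6673, since the CVE/list hunk drops the <no-dsa> line without adding a replacement. Please confirm that 6.14.12-3+deb8u1 on the third added line is exactly the version string of the upload, because a mismatch here would leave jessie tracked incorrectly for libpgf.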



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/07cbdfb5f149609f31c8d0620afcc52b09a2ce16...5d6c4a096ab910a2064f488c7090ad6044073537
