[Git][security-tracker-team/security-tracker][master] Triage results.

Ola Lundqvist opal at debian.org
Tue Feb 5 22:47:51 GMT 2019


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e188394 by Ola Lundqvist at 2019-02-05T22:47:30Z
Triage results.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -334,6 +334,7 @@ CVE-2019-7311
 	RESERVED
 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer ...)
 	- poppler <unfixed> (bug #921215)
+	[jessie] - poppler <ignored> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
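Review bot: The reason on the added `[jessie] - poppler <ignored> (Minor issue)` line does not say why a heap-based buffer over-read counts as minor for jessie. The parenthetical should state what was assessed, or a NOTE should record the reasoning, so that later triagers do not have to redo the analysis.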
@@ -1110,6 +1111,7 @@ CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library
 	NOTE: Proposed patch: https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
 CVE-2019-6976 (libvips before 8.7.4 writes to uninitialized memory locations in ...)
 	- vips 8.7.4-1
+	[jessie] - vips <ignored> (Minor Issue)
 	NOTE: https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
 CVE-2019-6975
 	RESERVED
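Review bot: The parenthetical in the added `[jessie] - vips <ignored> (Minor Issue)` line is capitalised differently from the `(Minor issue)` used for poppler in the same commit. Use one spelling so that text searches over data/CVE/list match both entries. As with poppler, the reason does not explain why a write to uninitialized memory locations is minor.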
@@ -68796,6 +68798,7 @@ CVE-2018-1340 [Secure flag missing from session cookie]
 	RESERVED
 	- guacamole-client <unfixed> (bug #920796)
 	- guacamole <removed>
+	[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/24/2
 	NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-549
 	NOTE: https://github.com/apache/guacamole-client/pull/273
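Review bot: The added `[jessie] - guacamole-client <not-affected> (Vulnerable code not present)` line has no accompanying NOTE saying what was checked to reach that conclusion. A short NOTE naming the code path or feature that is absent in the jessie version would make the not-affected claim verifiable.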


=====================================
data/dla-needed.txt
=====================================
@@ -62,6 +62,8 @@ ghostscript (Emilio)
 --
 gnutls28
 --
+golang
+--
 imagemagick
   NOTE: 20181227: We should address the many open issues in imagemagick either
   NOTE: by patching them separetely as we did in Wheezy or by updating to a
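Review bot: The new `golang` entry is added with no NOTE and no CVE reference, so the file does not show which issue led to the package being listed. Consider a dated NOTE in the style of the neighbouring entries, naming the CVE that needs work.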
@@ -75,6 +77,8 @@ libarchive
 libav (Mike Gabriel)
   NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet.
 --
+liblivemedia
+--
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also
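Review bot: The `liblivemedia` entry likewise carries no NOTE identifying the open issue, while the entries around it (libav, libraw) have dated notes. Adding the triggering CVE would let whoever claims the package start without re-triaging.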
@@ -119,6 +123,11 @@ php5 (Roberto C. Sánchez)
 php-pear
   NOTE: 20190203: CVE-2018-1000888 needed for drupal7. I will look into this after libraw. (abhijith)
 --
+phpmyadmin
+  NOTE: CVE-2019-6798: SQL injection is serious but if you have been able to login as a crafted user
+  NOTE: CVE-2019-6798: that is a more serious problem. The fix is simple so it can still be worth fixing
+  NOTE: CVE-2019-6798: but it is not urgent. Do it together with CVE-2019-6799.
+--
 polarssl
   NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
 --
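Review bot: The three NOTE lines under `phpmyadmin` lack the `YYYYMMDD:` date prefix and the author tag that the adjacent entries use (for example `NOTE: 20190203: ... (abhijith)`), so the assessment cannot be dated or attributed later. The wording "login as a crafted user" is also ambiguous about the precondition for CVE-2019-6798, and CVE-2019-6799 is mentioned without any assessment of its own; a line on each would make the "not urgent" judgement easier to review.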



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e188394b653829603d15cd6c91df46a8d82a2c9
