[Git][security-tracker-team/security-tracker][master] Triage results.

Ola Lundqvist opal at debian.org
Sun Feb 10 16:37:31 GMT 2019


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f043af36 by Ola Lundqvist at 2019-02-10T16:37:02Z
Triage results.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8730,6 +8730,7 @@ CVE-2019-3828
 CVE-2019-3827 [Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password]
 	RESERVED
 	- gvfs 1.38.1-3 (bug #921816)
+	[jessie] - gvfs <not-affected> (Vulnerable code not present)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/issues/355
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665578
 	NOTE: Affecting gvfs since 1.29.4 where admin backend was introduced.
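Review bot: The new `[jessie] - gvfs <not-affected>` line gives only "Vulnerable code not present" as its reason, so a reader has to connect it to the NOTE further down stating that the admin backend was introduced in 1.29.4. Consider putting that in the annotation itself, for example "(Vulnerable code not present, admin backend introduced in 1.29.4)", so the justification can be checked without reading the rest of the entry.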
@@ -8741,6 +8742,7 @@ CVE-2019-3826 [Stored DOM cross-site scripting (XSS) attack via crafted URL]
 CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed login ...)
 	- gdm3 3.30.2-3 (low; bug #921764)
 	[stretch] - gdm3 <no-dsa> (Minor issue)
+	[jessie] - gdm3 <ignored> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
 CVE-2019-3824
 	RESERVED
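Review bot: On the added `[jessie] - gdm3 <ignored> (Minor issue)` line, the state is stronger than the `<no-dsa>` used for stretch directly above it, yet the reason text is identical. If the intent is that jessie will never get a fix, the reason should say why that differs from stretch; otherwise use `<no-dsa>` here as well so the two releases are treated consistently.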
@@ -37605,11 +37607,13 @@ CVE-2018-12552
 CVE-2018-12551
 	RESERVED
 	- mosquitto <unfixed>
+	[jessie] - mosquitto <postponed> (Minor issue)
 	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
 	NOTE: https://mosquitto.org/files/cve/2018-12551
 CVE-2018-12550
 	RESERVED
 	- mosquitto <unfixed>
+	[jessie] - mosquitto <postponed> (Minor issue)
 	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
 	NOTE: https://mosquitto.org/files/cve/2018-12550
 CVE-2018-12549
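Review bot: Both added `[jessie] - mosquitto <postponed> (Minor issue)` lines, under CVE-2018-12551 and CVE-2018-12550, leave out what the postponement is waiting for. The package line above each is still `<unfixed>`, so it would help the next triager if the reason said when to revisit, for instance once a fix is available in unstable or together with the next mosquitto upload.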
@@ -37621,6 +37625,7 @@ CVE-2018-12547
 CVE-2018-12546
 	RESERVED
 	- mosquitto <unfixed>
+	[jessie] - mosquitto <ignored> (Minor issue)
 	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
 	NOTE: https://mosquitto.org/files/cve/2018-12546
 CVE-2018-12545
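Review bot: The added `[jessie] - mosquitto <ignored> (Minor issue)` line for CVE-2018-12546 carries the same reason as the `<postponed>` entries for CVE-2018-12551 and CVE-2018-12550 earlier in this file, so nothing in the annotation explains why this one is dropped for good while the others are only deferred. Please extend the reason with whatever distinguishes it (for example, that a backport is too intrusive or that the affected feature is not usable in jessie), or align the state with the other two.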


=====================================
data/dla-needed.txt
=====================================
@@ -37,6 +37,10 @@ ghostscript (Emilio)
 --
 gnutls28
 --
+gpac
+  NOTE: The package is not very popular so fix it as a low priority task.
+  NOTE: We can consider to postpone it too.
+--
 imagemagick
   NOTE: 20181227: We should address the many open issues in imagemagick either
   NOTE: by patching them separetely as we did in Wheezy or by updating to a
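Review bot: The two NOTE lines added under `gpac` have no date prefix, unlike the neighbouring `imagemagick` entry ("NOTE: 20181227: ..."), which makes it hard to tell later how old the assessment is. Please prefix them with the triage date, and consider settling "We can consider to postpone it too" one way or the other: either keep the package here as low priority or mark the CVEs `<postponed>` in data/CVE/list, rather than leaving both options open in the claim file.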
@@ -109,6 +113,9 @@ qemu (Hugo Lefeuvre)
 --
 rdesktop (Emilio)
 --
+rdflib
+  NOTE: Maintainer not contacted. Follow the debian bug about status. This should probably be fixed.
+--
 sox (Adrian)
   NOTE:20190202: Fixed in Buster, Stretch will be fixed via point update. Used
   NOTE: by sponsors. (apo)
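Review bot: The NOTE added under `rdflib` says "Follow the debian bug about status" without giving the bug number, so whoever claims the package has to look it up first. Please add the bug reference to the note, and a date prefix as used in the `sox` entry below ("NOTE:20190202: ..."), so that "Maintainer not contacted" can be read against when it was written.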



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f043af36b0b69032c726e69dcb7439fb1e055c13
