[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2019-3832 for libsndfile in Jessie LTS.

Sun Feb 17 10:16:12 GMT 2019

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
815ff088 by Chris Lamb at 2019-02-17T10:13:44Z
Triage CVE-2019-3832 for libsndfile in Jessie LTS.

- - - - -
5066bb01 by Chris Lamb at 2019-02-17T10:14:37Z
Triage CVE-2019-8343 in nasm for Jessie LTS.

- - - - -
3c9605d0 by Chris Lamb at 2019-02-17T10:15:44Z
data/dla-needed.txt: Triage kde4libs for Jessie LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -121,6 +121,7 @@ CVE-2019-8344
 CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in ...)
 	- nasm <unfixed> (bug #922433)
 	[stretch] - nasm <no-dsa> (Minor issue)
+	[jessie] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
 CVE-2019-8342
 	RESERVED
@@ -10285,6 +10286,7 @@ CVE-2019-3832 [incomplete fix for CVE-2018-19758]
 	RESERVED
 	- libsndfile <unfixed> (bug #922372)
 	[stretch] - libsndfile <not-affected> (Incomplete fix for CVE-2018-19758 not applied)
+	[jessie] - libsndfile <not-affected> (Incomplete fix for CVE-2018-19758 not applied)
 	NOTE: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
 CVE-2019-3831
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -54,6 +54,8 @@ jackson-databind
   NOTE: 20190210: this blacklist (class SubTypeValidator) is not available in Jessie
   NOTE: 20190210: should that be backported or the CVEs marked as no-dsa?
 --
+kde4libs
+--
 libav (Mike Gabriel)
   NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet.
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bd9733343e5b37f7548c6f3e6fe02b186c3d2265...3c9605d05b1dab1d1adb8a8856592062465ab58a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bd9733343e5b37f7548c6f3e6fe02b186c3d2265...3c9605d05b1dab1d1adb8a8856592062465ab58a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190217/f5fde49d/attachment-0001.html>
