[Git][security-tracker-team/security-tracker][master] stretch triage

Moritz Muehlenhoff jmm at debian.org
Tue Feb 19 21:17:00 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9d86c13 by Moritz Muehlenhoff at 2019-02-19T21:16:37Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3231,8 +3231,9 @@ CVE-2019-7444
 CVE-2019-7443 [Insecure handling of arguments in helpers]
 	RESERVED
 	- kauth 5.54.0-2 (bug #921995)
-	[stretch] - kauth <no-dsa> (Minor issue)
+	[stretch] - kauth <no-dsa> (Minor issue, will be fixed in a point release)
 	- kde4libs <unfixed>
+	[stretch] - kde4libs <no-dsa> (Minor issue)
 	NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
 	NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
 CVE-2019-7442
@@ -29300,6 +29301,7 @@ CVE-2018-16868 (A Bleichenbacher type side-channel based padding oracle attack w
 	NOTE: nettle version.
 CVE-2018-16867 (A flaw was found in qemu Media Transfer Protocol (MTP) before version ...)
 	- qemu 1:3.1+dfsg-1 (bug #915884)
+	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6 (master)


=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,9 @@ graphicsmagick
 libidn
   santiago proposed debdiffs for jessie and stretch
 --
+libpng1.6
+  wait for final patch
+--
 libspring-java
 --
 linux



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a9d86c1336cad0d06ba9ece636395892232aecd4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a9d86c1336cad0d06ba9ece636395892232aecd4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190219/1fcd40e8/attachment.html>


More information about the debian-security-tracker-commits mailing list