[Git][security-tracker-team/security-tracker][master] CVE-2019-646{1,2}, CVE-2018-18064: no-dsa in jessie
Hugo Lefeuvre
hle at debian.org
Thu Feb 28 13:08:14 GMT 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92f032b0 by Hugo Lefeuvre at 2019-02-28T13:01:38Z
CVE-2019-646{1,2}, CVE-2018-18064: no-dsa in jessie
CVE-2018-18064: painful to reproduce, security implications are low
if not absent.
CVE-2019-646{1,2}: low security implications as well.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6469,11 +6469,13 @@ CVE-2019-6462 (An issue was discovered in cairo 1.16.0. There is an infinite loo
- cairo <unfixed> (low)
[buster] - cairo <no-dsa> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
+ [jessie] - cairo <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/353
CVE-2019-6461 (An issue was discovered in cairo 1.16.0. There is an assertion problem ...)
- cairo <unfixed> (low)
[buster] - cairo <no-dsa> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
+ [jessie] - cairo <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/352
CVE-2019-6460 (An issue was discovered in GNU Recutils 1.8. There is a NULL pointer ...)
- recutils <unfixed> (unimportant)
@@ -27244,6 +27246,7 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write du
- cairo <unfixed> (low; bug #916083)
[buster] - cairo <no-dsa> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
+ [jessie] - cairo <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
CVE-2018-18063
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -12,9 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
bind9 (Thorsten Alteholz)
--
-cairo
- NOTE: 20190109: No fix available yet. (ola)
---
ceph (Markus Koschany)
--
evolution
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92f032b00bcda6e4b3635d5633af4fc49a1ab2db
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92f032b00bcda6e4b3635d5633af4fc49a1ab2db
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190228/295c9e4d/attachment.html>
More information about the debian-security-tracker-commits
mailing list