[Git][security-tracker-team/security-tracker][master] CVE-2019-646{1,2}, CVE-2018-18064: no-dsa in jessie

Hugo Lefeuvre hle at debian.org
Thu Feb 28 13:08:14 GMT 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92f032b0 by Hugo Lefeuvre at 2019-02-28T13:01:38Z
CVE-2019-646{1,2}, CVE-2018-18064: no-dsa in jessie

CVE-2018-18064: painful to reproduce, security implications are low
if not absent.

CVE-2019-646{1,2}: low security implications as well.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6469,11 +6469,13 @@ CVE-2019-6462 (An issue was discovered in cairo 1.16.0. There is an infinite loo
 	- cairo <unfixed> (low)
 	[buster] - cairo <no-dsa> (Minor issue)
 	[stretch] - cairo <no-dsa> (Minor issue)
+	[jessie] - cairo <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/353
 CVE-2019-6461 (An issue was discovered in cairo 1.16.0. There is an assertion problem ...)
 	- cairo <unfixed> (low)
 	[buster] - cairo <no-dsa> (Minor issue)
 	[stretch] - cairo <no-dsa> (Minor issue)
+	[jessie] - cairo <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/352
 CVE-2019-6460 (An issue was discovered in GNU Recutils 1.8. There is a NULL pointer ...)
 	- recutils <unfixed> (unimportant)
@@ -27244,6 +27246,7 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write du
 	- cairo <unfixed> (low; bug #916083)
 	[buster] - cairo <no-dsa> (Minor issue)
 	[stretch] - cairo <no-dsa> (Minor issue)
+	[jessie] - cairo <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
 CVE-2018-18063
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -12,9 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 --
 bind9 (Thorsten Alteholz)
 --
-cairo
-  NOTE: 20190109: No fix available yet. (ola)
---
 ceph (Markus Koschany)
 --
 evolution



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92f032b00bcda6e4b3635d5633af4fc49a1ab2db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92f032b00bcda6e4b3635d5633af4fc49a1ab2db
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190228/295c9e4d/attachment.html>


More information about the debian-security-tracker-commits mailing list