[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2018-20348,libpff: no-dsa for Jessie
Markus Koschany
apo at debian.org
Sat Jan 5 18:53:13 GMT 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7222fe49 by Markus Koschany at 2019-01-05T18:18:14Z
CVE-2018-20348,libpff: no-dsa for Jessie
Minor issue, upstream states it is alpha software, not used by any sponsor.
- - - - -
d3f55eb9 by Markus Koschany at 2019-01-05T18:33:49Z
CVE-2019-3574,libsixel: no-dsa for Jessie
Issue will be rejected
- - - - -
36c61943 by Markus Koschany at 2019-01-05T18:36:37Z
CVE-2018-15801, libspring-security-2.0-java: no-dsa for Jessie
Minor issue.
- - - - -
43208075 by Markus Koschany at 2019-01-05T18:52:15Z
CVE-2018-20535,CVE-2018-20538,nasm: no-dsa for Jessie
Minor issue, not used by any sponsor.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3862,11 +3862,13 @@ CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary
CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the ...)
- libsixel <unfixed> (low)
[stretch] - libsixel <no-dsa> (Minor issue)
+ [jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/83
NOTE: Duplicate of CVE-2018-19763. Asked MITRE to REJECT
CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function ...)
- libsixel <unfixed> (low)
[stretch] - libsixel <no-dsa> (Minor issue)
+ [jessie] - libsixel <postponed> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based buffer ...)
- ming <removed>
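Review bot: The added `[jessie] - libsixel <postponed> (Minor issue)` line under CVE-2019-3573 is not described by any of the four commit messages, which mention only CVE-2019-3574 for libsixel. It also uses `<postponed>` where the stretch line directly above it uses `<no-dsa>`. If the different state is intentional, record the reason in the commit message; otherwise align it with the stretch entry. For CVE-2019-3574, the reason given in the commit message and in the existing NOTE (a duplicate of CVE-2018-19763 that is expected to be rejected) says more than "Minor issue" and would be a better annotation text.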
@@ -4544,6 +4546,7 @@ CVE-2018-20539 (There is a Segmentation fault triggered by illegal address acces
NOTE: https://github.com/libLAS/libLAS/issues/159
CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline) in ...)
- nasm <unfixed> (bug #918269)
+ [jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392531
CVE-2018-20537 (There is a NULL pointer dereference at ...)
- liblas <unfixed>
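Review bot: The new `[jessie] - nasm <no-dsa> (Minor issue)` line under CVE-2018-20538 has no `[stretch]` counterpart, unlike the libsixel and libpff entries touched in this same change, so the entry now records a triage decision for jessie while stretch stays undecided under `- nasm <unfixed> (bug #918269)`. The identical pattern appears for CVE-2018-20535 in the following hunk. If the use-after-free in pp_getline is considered minor for jessie, it is worth flagging that the stretch state is still open so the two releases do not diverge silently.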
@@ -4557,6 +4560,7 @@ CVE-2018-20536 (There is a heap-based buffer over-read at ...)
NOTE: https://github.com/libLAS/libLAS/issues/161
CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in ...)
- nasm <unfixed> (bug #918270)
+ [jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
CVE-2018-20534 (There is an illegal address access at src/pool.h (function ...)
TODO: check
@@ -5063,6 +5067,7 @@ CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through
CVE-2018-20348 (libpff_item_tree_create_node in libpff_item_tree.c in libpff before ...)
- libpff 20180714-1
[stretch] - libpff <no-dsa> (Minor issue)
+ [jessie] - libpff <no-dsa> (Minor issue)
NOTE: https://github.com/libyal/libpff/issues/48
CVE-2018-20347
RESERVED
@@ -23606,6 +23611,7 @@ CVE-2018-15802
REJECTED
CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an authorization ...)
- libspring-security-2.0-java <removed>
+ [jessie] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes an ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15799
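Review bot: The added `[jessie] - libspring-security-2.0-java <no-dsa> (Minor issue)` line marks a 2.0 package as affected but minor, while the visible CVE-2018-15801 description names Spring Security 5.1.x prior to 5.1.2. If the 2.0 code was checked and does not contain the affected authorization logic, `<not-affected>` with a short reason is the more accurate state; if it does contain it, a NOTE stating that the issue was confirmed in the 2.0 source would make the `<no-dsa>` decision auditable.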
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9ad5554fb7ba00622f0a0c562053803820a67811...43208075565222259c55cf2c6b903f30019c0d06