[Git][security-tracker-team/security-tracker][master] Remove pdns, pdns-recursor from dla-needed.txt and update CVE

Abhijith PA gitlab at salsa.debian.org
Thu Jan 10 03:49:02 GMT 2019


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3d33ae3 by Abhijith PA at 2019-01-10T03:48:33Z
Remove pdns, pdns-recursor from dla-needed.txt and update CVE

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -27059,9 +27059,10 @@ CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1.
 CVE-2018-14644 (An issue has been found in PowerDNS Recursor from 4.0.0 up to and ...)
 	- pdns-recursor 4.1.7-1 (bug #913162)
 	[stretch] - pdns-recursor <no-dsa> (Minor issue)
-	[jessie] - pdns-recursor <postponed> (Minor issue)
+	[jessie] - pdns-recursor <ignored> (Minor issue)
 	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
 	NOTE: https://downloads.powerdns.com/patches/2018-07/
+	NOTE: Patch backported for jessie https://git.fosscommunity.in/bhe/patches/raw/master/CVE-2018-14644.patch
 CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynflow ...)
 	- foreman <itp> (bug #663101)
 	NOTE: Issue in a foreman component: smart_proxy_dynflow, which might land in separate source.


=====================================
data/dla-needed.txt
=====================================
@@ -85,14 +85,6 @@ openjpeg2
   NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not sure it's worth it either.
   NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
 --
-pdns (Abhijith PA)
-  NOTE: 20181203: Upstream fix contain C++11 standard code. Ported one patch. One more left
-  NOTE: 20181227: https://lists.debian.org/debian-lts/2018/12/msg00101.html. (abhijith)
---
-pdns-recursor (Abhijith PA)
-  NOTE: 20181203: Affected by same vulnerability as pdns
-  NOTE: 20181227: https://lists.debian.org/debian-lts/2018/12/msg00101.html. (abhijith)
---
 phpmyadmin (Lucas Kanashiro)
 --
 polarssl



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3d33ae36d33adfd621d85a228a325c5dca04ba3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3d33ae36d33adfd621d85a228a325c5dca04ba3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190110/92257ed5/attachment.html>


More information about the debian-security-tracker-commits mailing list