[Git][security-tracker-team/security-tracker][master] new java issues

Moritz Muehlenhoff jmm at debian.org
Wed Jan 16 16:18:12 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6703a1c2 by Moritz Muehlenhoff at 2019-01-16T16:17:25Z
new java issues
jpeg9 issues also affect jpeg-turbo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9764,6 +9764,7 @@ CVE-2019-2541
 	RESERVED
 CVE-2019-2540
 	RESERVED
+	NOT-FOR-US: Java Advanced Management Console
 CVE-2019-2539
 	RESERVED
 CVE-2019-2538
@@ -9946,6 +9947,7 @@ CVE-2019-2450
 	RESERVED
 CVE-2019-2449
 	RESERVED
+	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2019-2448
 	RESERVED
 CVE-2019-2447
@@ -9992,6 +9994,9 @@ CVE-2019-2427
 	RESERVED
 CVE-2019-2426
 	RESERVED
+	- openjdk-7 <not-affected> (Specific to Java on Windows)
+	- openjdk-8 <not-affected> (Specific to Java on Windows)
+	- openjdk-11 <not-affected> (Specific to Java on Windows)
 CVE-2019-2425
 	RESERVED
 CVE-2019-2424
@@ -10000,6 +10005,9 @@ CVE-2019-2423
 	RESERVED
 CVE-2019-2422
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
 CVE-2019-2421
 	RESERVED
 CVE-2019-2420
@@ -37992,10 +38000,16 @@ CVE-2018-11215
 	RESERVED
 CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row function in ...)
 	- libjpeg9 1:9c-1 (low; bug #902176)
+	- libjpeg-turbo <unfixed>
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91
 CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row function ...)
 	- libjpeg9 1:9c-1 (low; bug #902176)
+	- libjpeg-turbo <unfixed>
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91
 CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in ...)
 	- libjpeg9 1:9c-1 (low; bug #902176)
+	- libjpeg-turbo <unfixed>
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0
 CVE-2018-11211
 	RESERVED
 CVE-2018-11210 (TinyXML2 6.2.0 has a heap-based buffer over-read in the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6703a1c2825047fa9f0066efaf47b172c3ea4c12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6703a1c2825047fa9f0066efaf47b172c3ea4c12
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190116/25174f5a/attachment.html>

More information about the debian-security-tracker-commits mailing list