[Git][security-tracker-team/security-tracker][master] 3 commits: add libjpeg-turbo

[Thorsten Alteholz]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc84d3d9 by Thorsten Alteholz at 2019-01-21T15:48:27Z
add libjpeg-turbo

- - - - -
eb80e652 by Thorsten Alteholz at 2019-01-21T15:48:28Z
mark CVE-2019-6285 as no-dsa for jessie

- - - - -
18cbe035 by Thorsten Alteholz at 2019-01-21T15:48:29Z
mark CVE-2019-6292 as no-dsa for jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -535,8 +535,10 @@ CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal
 CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...)
 	- yaml-cpp <unfixed> (bug #919430)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
+	[jessie] - yaml-cpp <no-dsa> (Minor issue)
 	- yaml-cpp0.3 <removed>
 	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
+	[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/jbeder/yaml-cpp/issues/657
 CVE-2019-6291 (An issue was discovered in the function expr6 in eval.c in Netwide ...)
 	- nasm <unfixed> (unimportant)
@@ -559,8 +561,10 @@ CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
 CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka ...)
 	- yaml-cpp <unfixed> (bug #919432)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
+	[jessie] - yaml-cpp <no-dsa> (Minor issue)
 	- yaml-cpp0.3 <removed>
 	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
+	[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/jbeder/yaml-cpp/issues/660
 CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in ...)
 	- libsass <unfixed> (low)


=====================================
data/dla-needed.txt
=====================================
@@ -71,6 +71,9 @@ libav (Mike Gabriel)
 libpng
   NOTE: 20190121: Are we sure? Quoting upstream on CVE-2019-6129: "I think this is not a security issue at all". (lamby)
 --
+libjpeg-turbo
+  NOTE: 20190121: as Mike is an Uploader:, probably he wants to do this ...
+--
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ae401730efede407a6fa1f38aa5f7d2f94a80312...18cbe0350c573d5bb9ac6f0be25a27e33181335f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ae401730efede407a6fa1f38aa5f7d2f94a80312...18cbe0350c573d5bb9ac6f0be25a27e33181335f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190121/762cb635/attachment.html>