[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff
jmm at debian.org
Mon Jan 21 22:12:57 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
915804fa by Moritz Muehlenhoff at 2019-01-21T22:12:23Z
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -928,11 +928,12 @@ CVE-2019-6134
RESERVED
CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...)
- policykit-1 0.105-25 (bug #918985)
+ [stretch] - policykit-1 <no-dsa> (Minor issue, kernel mitigation will land in next 4.9.x rebase)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
NOTE: Issue can be mitigated in kernel with
- NOTE: https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
+ NOTE: https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf (landed in 4.9.150)
CVE-2019-6132 (An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in ...)
NOT-FOR-US: Bento4
CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack ...)
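Review bot: the reason on the new [stretch] line for policykit-1 says the kernel mitigation "will land in next 4.9.x rebase", while the NOTE changed at the end of the same entry records the commit as "landed in 4.9.150". Read together, the two look contradictory unless the reader assumes one refers to the upstream stable tree and the other to the stretch kernel package. Suggest wording the no-dsa reason so it names the version, for example "kernel mitigation in 4.9.150, pending next stretch kernel update", so the entry does not go stale once that update is uploaded.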
@@ -6966,7 +6967,8 @@ CVE-2018-20550
RESERVED
CVE-2018-20549 (There is an illegal WRITE memory access at caca/file.c (function ...)
{DLA-1631-1}
- - libcaca <unfixed> (bug #917807)
+ - libcaca <unfixed> (low; bug #917807)
+ [stretch] - libcaca <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652628
NOTE: https://github.com/cacalabs/libcaca/issues/41
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
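Review bot: CVE-2018-20549 is described as an illegal WRITE memory access in caca/file.c, yet the added lines rate it "low" and mark stretch no-dsa with only "Minor issue" as the reason. A few words of justification in the parentheses (why the write is not considered a practical risk for the package) would make the decision reviewable later, since the same two added lines are also used for the READ and floating point exception entries further down.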
@@ -6979,13 +6981,15 @@ CVE-2018-20548 (There is an illegal WRITE memory access at common-image.c (funct
NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20547 (There is an illegal READ memory access at caca/dither.c (function ...)
{DLA-1631-1}
- - libcaca <unfixed> (bug #917807)
+ - libcaca <unfixed> (low; bug #917807)
+ [stretch] - libcaca <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652624
NOTE: https://github.com/cacalabs/libcaca/issues/39
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20546 (There is an illegal READ memory access at caca/dither.c (function ...)
{DLA-1631-1}
- - libcaca <unfixed> (bug #917807)
+ - libcaca <unfixed> (low; bug #917807)
+ [stretch] - libcaca <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652622
NOTE: https://github.com/cacalabs/libcaca/issues/38
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
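Review bot: the [stretch] no-dsa lines for CVE-2018-20547 and CVE-2018-20546 leave stretch open while both entries already carry {DLA-1631-1}, and nothing in the entries says how stretch is expected to get the fix. Both "Fixed by" NOTE lines point to the same commit (02a09ec9e5ed8981e7a810bfb6a0172dc24f0790), so one follow-up upload would cover both; consider saying so in the no-dsa reason instead of the bare "Minor issue".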
@@ -6998,7 +7002,8 @@ CVE-2018-20545 (There is an illegal WRITE memory access at common-image.c (funct
NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20544 (There is floating point exception at caca/dither.c (function ...)
{DLA-1631-1}
- - libcaca <unfixed> (bug #917807)
+ - libcaca <unfixed> (low; bug #917807)
+ [stretch] - libcaca <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652627
NOTE: https://github.com/cacalabs/libcaca/issues/36
NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c
=====================================
data/dsa-needed.txt
=====================================
@@ -40,6 +40,8 @@ mbedtls
--
mercurial
--
+openjdk-8 (jmm)
+--
openjpeg2 (luciano)
--
openssh (corsac)
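Review bot: the new "openjdk-8 (jmm)" entry in data/dsa-needed.txt has no note under it, and neither the commit message ("stretch triage") nor the data/CVE/list hunks in this commit mention openjdk-8. A one-line note below the entry stating which issues or which upstream release the DSA is waiting on would let other team members see the scope without asking the claimant.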
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/915804fa12a0bde55db368b16581bbd89fe40adb