[Git][security-tracker-team/security-tracker][master] dla-needed: update tiff and qemu entries

Hugo Lefeuvre hle at debian.org
Tue Jan 22 17:23:38 GMT 2019 

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e6cb41b by Hugo Lefeuvre at 2019-01-22T17:23:13Z
dla-needed: update tiff and qemu entries

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -113,6 +113,9 @@ python3.4 (Brian May)
 qemu (Hugo Lefeuvre)
   NOTE: CVE-2018-19665: no practical exploit at the moment + patch quite big (but easy to review, though)
   NOTE: CVE-2018-19665: this is a good candidate for no-dsa
+  NOTE: CVE-2018-19665: well I might be able to come up with a highly trimmed down version of the patch so
+  NOTE: CVE-2018-19665: it might still be worth it.
+  NOTE: 20190122: otherwise still working on the next upload, will address 9p race conditions as well.
 --
 symfony (Roberto C. Sánchez)
   NOTE: 20181217: Patches are all backported but package FTBFS (unit tests failures).
@@ -123,9 +126,9 @@ systemd
   NOTE: 20181119: tmpfiles.d issues remain, fix invasive, consider backporting all of tmpfiles.c (anarcat)
 --
 tiff
-  NOTE: CVE-2018-19210: Working on a patch, see https://gitlab.com/libtiff/libtiff/merge_requests/47
-  NOTE: CVE-2018-19210: 20181219: got review from upstream, waiting for final ack before uploading
-  NOTE: CVE-2018-5360: 20181219: asked for cve update as duplicate of CVE-2014-8127
+  NOTE: CVE-2018-19210: patch proposal: https://gitlab.com/libtiff/libtiff/merge_requests/47
+  NOTE: CVE-2018-19210: 20190122: upstream silent (hle)
+  NOTE: CVE-2018-5360: 20181219: asked for cve update as duplicate of CVE-2014-8127 (hle)
   NOTE: CVE-2018-18661: Easy to patch, but unable to reproduce the error.
   NOTE: CVE-2018-18661: Not possible to prove it fixes the specified vulnerability.
   NOTE: CVE-2018-18661: See thread starting at https://lists.debian.org/debian-lts/2018/11/msg00033.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e6cb41bc297eaa5d9f79d8b3d4768dd6d6dbc36

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e6cb41bc297eaa5d9f79d8b3d4768dd6d6dbc36
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190122/bcddf445/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list