[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2016-10739 as no-dsa for jessie

[Thorsten Alteholz]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24b21792 by Thorsten Alteholz at 2019-01-22T19:15:01Z
mark CVE-2016-10739 as no-dsa for jessie

- - - - -
8906bfe8 by Thorsten Alteholz at 2019-01-22T19:19:11Z
mark twitter-bootstrap CVEs as no-dsa for Jessie

- - - - -
77c3ddc9 by Thorsten Alteholz at 2019-01-22T19:20:32Z
add drupal7

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,6 +6,7 @@ CVE-2019-6501 [scsi-generic: possible OOB access while handling inquiry request]
 CVE-2016-10739 (In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo ...)
 	- glibc <unfixed> (bug #920047)
 	[stretch] - glibc <no-dsa> (Minor issue)
+	[jessie] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1347549
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20018
@@ -1906,6 +1907,7 @@ CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. Thi
 CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration ...)
 	- twitter-bootstrap <unfixed>
 	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
+	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
 	- twitter-bootstrap3 3.4.0+dfsg-1
 	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
 	[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
@@ -1917,6 +1919,7 @@ CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configur
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport ...)
 	- twitter-bootstrap <unfixed>
 	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
+	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
 	- twitter-bootstrap3 3.4.0+dfsg-1
 	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
 	[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
@@ -30788,6 +30791,7 @@ CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect f
 CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container ...)
 	- twitter-bootstrap <unfixed>
 	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
+	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
 	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
 	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
 	[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
@@ -30814,6 +30818,7 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-
 	{DLA-1479-1}
 	- twitter-bootstrap <unfixed>
 	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
+	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
 	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
 	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
 	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/


=====================================
data/dla-needed.txt
=====================================
@@ -13,6 +13,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 cairo
   NOTE: 20190109: No fix available yet. (ola)
 --
+drupal7
+--
 enigmail
   NOTE: 20181113: depends on gnupg2 updates, see 87r2fqnja0.fsf at curie.anarc.at (anarcat)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2ba248f0e84dae80dd0cdfc123012be1ef6c368d...77c3ddc9178f2bedc7444b0887c790177725ca40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2ba248f0e84dae80dd0cdfc123012be1ef6c368d...77c3ddc9178f2bedc7444b0887c790177725ca40
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190122/52959a5e/attachment-0001.html>