[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs have been fixed

Wed Jan 30 20:43:04 GMT 2019

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a67d65cb by Thorsten Alteholz at 2019-01-30T20:44:49Z
CVEs have been fixed

- - - - -
8ccf597a by Thorsten Alteholz at 2019-01-30T20:45:22Z
Reserve DLA-1651-1 for libgd2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -28467,7 +28467,6 @@ CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 vers
 CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...)
 	- libgd2 2.2.5-4.1 (low; bug #906886)
 	[stretch] - libgd2 2.2.4-2+deb9u3
-	[jessie] - libgd2 <postponed> (Minor issue)
 	NOTE: https://github.com/libgd/libgd/issues/447
 	NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
 CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow ...)
@@ -55861,7 +55860,6 @@ CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PH
 	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
 	- libgd2 2.2.5-4.1 (bug #887485)
 	[stretch] - libgd2 2.2.4-2+deb9u3
-	[jessie] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
 	NOTE: https://github.com/libgd/libgd/issues/420
 	NOTE: https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
 CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2019] DLA-1651-1 libgd2 - security update
+	{CVE-2018-5711 CVE-2018-1000222 CVE-2019-6977 CVE-2019-6978}
+	[jessie] - libgd2 2.1.0-5+deb8u12
 [30 Jan 2019] DLA-1650-1 rssh - security update
 	{CVE-2019-1000018}
 	[jessie] - rssh 2.3.4-4+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -70,8 +70,6 @@ jackson-databind (Thorsten Alteholz)
 libav (Mike Gabriel)
   NOTE: 20190128: More patches / fixes in my local pipeline. Uploads coming soon.
 --
-libgd2 (Thorsten Alteholz)
---
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/45c8e8ddfcba339333f1b95ec9f1a7daf7ecf53c...8ccf597af61f75314195bfcc569def556d808132

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/45c8e8ddfcba339333f1b95ec9f1a7daf7ecf53c...8ccf597af61f75314195bfcc569def556d808132
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190130/ddb47d74/attachment-0001.html>
