[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs have been fixed
Thorsten Alteholz
alteholz at debian.org
Wed Jan 30 20:43:04 GMT 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a67d65cb by Thorsten Alteholz at 2019-01-30T20:44:49Z
CVEs have been fixed
- - - - -
8ccf597a by Thorsten Alteholz at 2019-01-30T20:45:22Z
Reserve DLA-1651-1 for libgd2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -28467,7 +28467,6 @@ CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 vers
CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...)
- libgd2 2.2.5-4.1 (low; bug #906886)
[stretch] - libgd2 2.2.4-2+deb9u3
- [jessie] - libgd2 <postponed> (Minor issue)
NOTE: https://github.com/libgd/libgd/issues/447
NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow ...)
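Review bot: The commit message "CVEs have been fixed" names neither the package nor the advisory, while the line removed here under CVE-2018-1000222 is the `[jessie] - libgd2 <postponed> (Minor issue)` marker. I'd mention libgd2 and DLA-1651-1 in the message so that the reason for dropping the postponed marker is clear from the history of data/CVE/list alone.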
@@ -55861,7 +55860,6 @@ CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PH
NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
- libgd2 2.2.5-4.1 (bug #887485)
[stretch] - libgd2 2.2.4-2+deb9u3
- [jessie] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
NOTE: https://github.com/libgd/libgd/issues/420
NOTE: https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
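Review bot: No `[jessie] - libgd2 2.1.0-5+deb8u12` line is added under CVE-2018-5711 where the `<postponed>` line is removed, so data/CVE/list by itself no longer states any jessie status for this CVE. If the tracker is expected to fill that in from the DLA-1651-1 entry in data/DLA/list, that is fine; otherwise add the fixed-version line here, in the same form as the `[stretch] - libgd2 2.2.4-2+deb9u3` line above it.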
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2019] DLA-1651-1 libgd2 - security update
+ {CVE-2018-5711 CVE-2018-1000222 CVE-2019-6977 CVE-2019-6978}
+ [jessie] - libgd2 2.1.0-5+deb8u12
[30 Jan 2019] DLA-1650-1 rssh - security update
{CVE-2019-1000018}
[jessie] - rssh 2.3.4-4+deb8u1
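Review bot: The CVE set on the new DLA-1651-1 entry names four CVEs, but the data/CVE/list hunks in this push touch only CVE-2018-5711 and CVE-2018-1000222. Please confirm that CVE-2019-6977 and CVE-2019-6978 already have libgd2 entries in data/CVE/list and carry no jessie annotation (such as `<postponed>` or `<no-dsa>`) that would contradict the fixed version 2.1.0-5+deb8u12.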
=====================================
data/dla-needed.txt
=====================================
@@ -70,8 +70,6 @@ jackson-databind (Thorsten Alteholz)
libav (Mike Gabriel)
NOTE: 20190128: More patches / fixes in my local pipeline. Uploads coming soon.
--
-libgd2 (Thorsten Alteholz)
---
libraw (Abhijith PA)
NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
NOTE: especially those that are still marked vulnerable in Stretch but also
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/45c8e8ddfcba339333f1b95ec9f1a7daf7ecf53c...8ccf597af61f75314195bfcc569def556d808132