[Git][security-tracker-team/security-tracker][master] Reserve DLA-1854-1 for libonig
Markus Koschany
apo at debian.org
Wed Jul 17 13:42:13 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df401201 by Markus Koschany at 2019-07-17T12:41:59Z
Reserve DLA-1854-1 for libonig
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Jul 2019] DLA-1854-1 libonig - security update
+ {CVE-2019-13224}
+ [jessie] - libonig 5.9.5-3.2+deb8u2
[13 Jul 2019] DLA-1853-1 libspring-java - security update
{CVE-2014-3578 CVE-2014-3625 CVE-2015-3192 CVE-2015-5211 CVE-2016-9878}
[jessie] - libspring-java 3.0.6.RELEASE-17+deb8u1
=====================================
data/dla-needed.txt
=====================================
@@ -68,10 +68,6 @@ libmatio (Adrian Bunk)
NOTE: 20190428: older changes seem to also be required for them
NOTE: 20190707: work is ongoing
--
-libonig (Markus Koschany)
- NOTE: 20190714: Contacted upstream about CVE-2019-13225, Jessie probably not
- NOTE: affected.
---
libqb
NOTE: 20190616: Upstream patch does not apply at all, but it appears that
NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df401201f4ebc3d0df6bcd098b8f602f9bf385c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df401201f4ebc3d0df6bcd098b8f602f9bf385c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190717/4ad419e0/attachment.html>
More information about the debian-security-tracker-commits
mailing list