[Git][security-tracker-team/security-tracker][master] 4 commits: new CVE for patch
Thorsten Alteholz
alteholz at debian.org
Mon Jul 22 12:08:44 BST 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34983754 by Thorsten Alteholz at 2019-07-22T10:51:07Z
new CVE for patch
- - - - -
cb44e616 by Thorsten Alteholz at 2019-07-22T10:51:59Z
mark CVE-2019-1010060 as no-dsa for Jessie
- - - - -
12510a5b by Thorsten Alteholz at 2019-07-22T10:57:24Z
mark CVE-2019-13117 for Jessie as no-dsa
- - - - -
5d8dab73 by Thorsten Alteholz at 2019-07-22T10:57:54Z
mark CVE-2019-13118 for Jessie as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3433,6 +3433,7 @@ CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characte
- libxslt <unfixed> (low; bug #931320)
[buster] - libxslt <no-dsa> (Minor issue)
[stretch] - libxslt <no-dsa> (Minor issue)
+ [jessie] - libxslt <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
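Review bot: the added `[jessie] - libxslt <no-dsa> (Minor issue)` line copies the buster and stretch reason verbatim, although the NOTE lines below it already link an upstream fix commit. If the intent is to pick that commit up with the next libxslt upload to jessie, `<postponed>` with a short reason would record that. If no fix is planned, say so in the parenthesised reason. The same applies to the CVE-2019-13117 entry in the next hunk.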
@@ -3440,6 +3441,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
- libxslt <unfixed> (low; bug #931321)
[buster] - libxslt <no-dsa> (Minor issue)
[stretch] - libxslt <no-dsa> (Minor issue)
+ [jessie] - libxslt <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
@@ -12455,6 +12457,7 @@ CVE-2019-1010061
CVE-2019-1010060 (NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact ...)
- cfitsio 3.430-1 (low; bug #892458)
[stretch] - cfitsio <no-dsa> (Minor issue)
+ [jessie] - cfitsio <no-dsa> (Minor issue)
NOTE: The issue is specifically to other issues not covered by CVE-2018-3846,
NOTE: CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849 but fixed in 3.43. One
NOTE: example is ftp_status in drvrnet.c mishandling a long string beginning
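Review bot: the added `[jessie] - cfitsio <no-dsa> (Minor issue)` line gives no reason beyond the one carried over from stretch, while the description two lines above names a buffer overflow and the NOTE points at ftp_status in drvrnet.c. A reason specific to jessie in the parentheses, or a NOTE stating that the jessie version was checked against that code path, would let a later reader see why no DLA is issued.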
=====================================
data/dla-needed.txt
=====================================
@@ -89,6 +89,8 @@ openjdk-7 (Markus Koschany)
--
otrs2 (Abhijith PA)
--
+patch (Thorsten Alteholz)
+--
php5
--
pound (Hugo Lefeuvre)
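Review bot: the new `patch (Thorsten Alteholz)` entry does not say which CVE it is claimed for. The commit message says only "new CVE for patch", and none of the data/CVE/list hunks shown here touches a patch entry. A NOTE line under the entry naming the CVE id would tie the claim to its tracker record.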
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5baaad020b47fd3ef12af2a452e4714447d3ea4d...5d8dab73ffccc7d12e2fc77e6f8db07aeb57035a