[Git][security-tracker-team/security-tracker][master] 2 commits: mark vlc as EOL in Jessie
Thorsten Alteholz
alteholz at debian.org
Tue Jul 23 19:15:00 BST 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
629db58a by Thorsten Alteholz at 2019-07-23T18:06:38Z
mark vlc as EOL in Jessie
- - - - -
a62fe52d by Thorsten Alteholz at 2019-07-23T18:06:38Z
add jessie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -554,6 +554,7 @@ CVE-2019-13963
RESERVED
CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
- vlc <unfixed>
+ [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
NOTE: https://trac.videolan.org/vlc/ticket/22240
CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the ...)
@@ -1285,6 +1286,7 @@ CVE-2019-13615 (VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-r
- vlc <unfixed> (bug #932241)
[buster] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
[stretch] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
+ [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://trac.videolan.org/vlc/ticket/22474
CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link ...)
NOT-FOR-US: TP-Link
@@ -2301,6 +2303,7 @@ CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp
- vlc 3.0.7.1-2 (bug #932131)
[buster] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
[stretch] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
+ [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938
CVE-2019-13601
=====================================
data/dla-needed.txt
=====================================
@@ -13,6 +13,9 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
cfengine3
NOTE: 20190628: likely not affected by CVE-2019-9929, but other not-yet-CVE'ed issues ahead
--
+exim4
+ NOTE: Jessie probably affected, no details published yet
+--
faad2 (Hugo Lefeuvre)
NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon.
NOTE: 20190525: see https://github.com/knik0/faad2/pull/36
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a492fa12ec9bb0ace87c08f9624cc9d97d1d7b28...a62fe52d9111b164be8f260adbc6f6e5c563cb19
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a492fa12ec9bb0ace87c08f9624cc9d97d1d7b28...a62fe52d9111b164be8f260adbc6f6e5c563cb19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190723/09c92de8/attachment.html>
More information about the debian-security-tracker-commits
mailing list