[Git][security-tracker-team/security-tracker][master] buster/stretch triage

Moritz Muehlenhoff jmm at debian.org
Wed Jul 24 17:35:32 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12bd3496 by Moritz Muehlenhoff at 2019-07-24T16:35:05Z
buster/stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3515,6 +3515,8 @@ CVE-2019-13116
 	RESERVED
 CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
 	- libssh2 <unfixed> (bug #932329)
+	[buster] - libssh2 <no-dsa> (Minor issue)
+	[stretch] - libssh2 <no-dsa> (Minor issue)
 	NOTE: https://blog.semmle.com/libssh2-integer-overflow/
 	NOTE: https://github.com/libssh2/libssh2/pull/350
 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
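Review bot: The two added `<no-dsa> (Minor issue)` lines under CVE-2019-13115 give no reason for the classification, although the entry's description names the key-exchange function kex_method_diffie_hellman_group_exchange_sha2 and its NOTE URL refers to an integer overflow. Consider adding a short NOTE stating why this is minor for buster and stretch, as the jhead entries in this same commit do with "No security impact, crash in CLI tool", so the decision can be re-checked against bug #932329 later.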
@@ -11989,15 +11991,18 @@ CVE-2019-1010304 (Saleor Issue was introduced by merge commit: e1b01bad0703afd08
 CVE-2019-1010303
 	RESERVED
 CVE-2019-1010302 (jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ...)
-	- jhead <unfixed> (bug #932146)
+	- jhead <unfixed> (unimportant; bug #932146)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679978
+	NOTE: No security impact, crash in CLI tool
 CVE-2019-1010301 (jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ...)
-	- jhead <unfixed> (bug #932145)
+	- jhead <unfixed> (unimportant; bug #932145)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679952
+	NOTE: No security impact, crash in CLI tool
 CVE-2019-1010300 (mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Ove ...)
 	NOT-FOR-US: libIEC61850
 CVE-2019-1010299 (The Rust Programming Language Standard Library 1.18.0 and later is aff ...)
 	- rustc 1.30.0+dfsg1-1
+	[stretch] - rustc <ignored> (Minor issue)
 	NOTE: https://github.com/rust-lang/rust/issues/53566
 	NOTE: https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d
 CVE-2019-1010298 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
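Review bot: For CVE-2019-1010301 the added NOTE "No security impact, crash in CLI tool" sits under a description that reads "Buffer Overflow", so the `unimportant` tag would be easier to audit if the NOTE said why the overflow results only in a crash. In the same hunk, `[stretch] - rustc <ignored> (Minor issue)` uses `<ignored>` where the libssh2 entries use `<no-dsa>` with the same "Minor issue" text; a few words on why stretch will not receive a fix would make the distinction clear.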


=====================================
data/dsa-needed.txt
=====================================
@@ -66,6 +66,10 @@ smarty3/oldstable
 --
 sox/oldstable (jmm)
 --
+squid3/oldstable
+--
+squid/stable
+--
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release.
 --
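Review bot: The new squid3/oldstable and squid/stable entries carry neither a claimant nor an indented note, so the file does not record which issues put them on the list. A one-line note naming the CVEs or bug numbers, in the style of the status line under the sssd entry, would help whoever picks these up.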



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12bd34967d7ec5af4c01141de7fa97ea4f6c4326
