[Git][security-tracker-team/security-tracker][master] 10 commits: follow security team with no-dsa for CVE-2019-10206 in Jessie

Fri Jul 26 13:25:38 BST 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46b21c43 by Thorsten Alteholz at 2019-07-26T12:16:48Z
follow security team with no-dsa for CVE-2019-10206 in Jessie

- - - - -
c37fc4a4 by Thorsten Alteholz at 2019-07-26T12:16:48Z
follow security team with no-dsa for CVE-2019-1010228 in Jessie

- - - - -
98d65a76 by Thorsten Alteholz at 2019-07-26T12:16:49Z
follow security team with no-dsa for CVE-2019-14249 in Jessie

- - - - -
f0f4c9c0 by Thorsten Alteholz at 2019-07-26T12:16:50Z
follow security team with no-dsa for CVE-2019-13618 in Jessie

- - - - -
de3f3673 by Thorsten Alteholz at 2019-07-26T12:16:51Z
follow security team with no-dsa for CVE-2019-13615 in Jessie

- - - - -
aa1120a3 by Thorsten Alteholz at 2019-07-26T12:16:51Z
follow security team with no-dsa for CVE-2019-1010189 in Jessie

- - - - -
e50c6489 by Thorsten Alteholz at 2019-07-26T12:16:52Z
follow security team with no-dsa for CVE-2019-1010190 in Jessie

- - - - -
9d003bdd by Thorsten Alteholz at 2019-07-26T12:16:53Z
follow security team with no-dsa for CVE-2019-13565 in Jessie

- - - - -
1d6c174e by Thorsten Alteholz at 2019-07-26T12:16:54Z
follow security team with no-dsa for CVE-2019-13057 in Jessie

- - - - -
d9162aef by Thorsten Alteholz at 2019-07-26T12:16:54Z
follow security team with no-dsa for CVE-2019-13453 in Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,6 +75,7 @@ CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows at
 	- dwarfutils <unfixed> (low)
 	[buster] - dwarfutils <no-dsa> (Minor issue)
 	[stretch] - dwarfutils <no-dsa> (Minor issue)
+	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/merge-requests/4/
 	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
 CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows  ...)
@@ -1389,6 +1390,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he
 	- gpac <unfixed> (low; bug #932242)
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
+	[jessie] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1250
 	NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
 CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
@@ -1400,6 +1402,7 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.
 CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media  ...)
 	- libebml 1.3.6-1 (low; bug #932241)
 	[stretch] - libebml <no-dsa> (Minor issue)
+	[jessie] - libebml <no-dsa> (Minor issue)
 	NOTE: https://trac.videolan.org/vlc/ticket/22474
 	NOTE: Issue was originally reported to vlc project, but the underlying issue is
 	NOTE: found in the libebml library
@@ -2518,6 +2521,7 @@ CVE-2019-13565 [openldap: ACL protections get lost if same identity uses differe
 	- openldap 2.4.48+dfsg-1 (low; bug #932998)
 	[buster] - openldap <no-dsa> (Minor issue)
 	[stretch] - openldap <no-dsa> (Minor issue)
+	[jessie] - openldap <no-dsa> (Minor issue)
 	NOTE: https://openldap.org/its/?findid=9052
 CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 1.5. ...)
 	NOT-FOR-US: Ping Identity Agentless Integration Kit
@@ -2771,6 +2775,7 @@ CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed z
 	- zipios++ <unfixed> (low; bug #932556)
 	[buster] - zipios++ <no-dsa> (Minor issue)
 	[stretch] - zipios++ <no-dsa> (Minor issue)
+	[jessie] - zipios++ <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
 	NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
 CVE-2019-13452
@@ -3793,6 +3798,7 @@ CVE-2019-13057 [openldap: rootdn of any db can assert any identity]
 	- openldap 2.4.48+dfsg-1 (low; bug #932997)
 	[buster] - openldap <no-dsa> (Minor issue)
 	[stretch] - openldap <no-dsa> (Minor issue)
+	[jessie] - openldap <no-dsa> (Minor issue)
 	NOTE: https://openldap.org/its/?findid=9038
 CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the user edit  ...)
 	NOT-FOR-US: CyberPanel
@@ -11111,6 +11117,7 @@ CVE-2019-10206 [disclosure data when prompted for password and template characte
 	- ansible <unfixed> (bug #933005)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
+	[jessie] - ansible <no-dsa> (Minor issue)
 	NOTE: https://github.com/ansible/ansible/pull/59246
 	NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
 	NOTE: 2.7.x https://github.com/ansible/ansible/pull/59553
@@ -12298,6 +12305,7 @@ CVE-2019-1010229
 CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The im ...)
 	- dcmtk 3.6.4-1 (low)
 	[stretch] - dcmtk <no-dsa> (Minor issue)
+	[jessie] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/858
 	NOTE: https://github.com/commontk/DCMTK/commit/40917614e
 CVE-2019-1010227
@@ -12383,10 +12391,12 @@ CVE-2019-1010191 (marginalia < 1.6 is affected by: SQL Injection. The impact
 CVE-2019-1010190 (mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact i ...)
 	- mgetty 1.2.1-1
 	[stretch] - mgetty <no-dsa> (Minor issue)
+	[jessie] - mgetty <no-dsa> (Minor issue)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
 CVE-2019-1010189 (mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impac ...)
 	- mgetty 1.2.1-1
 	[stretch] - mgetty <no-dsa> (Minor issue)
+	[jessie] - mgetty <no-dsa> (Minor issue)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
 CVE-2019-1010188
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/924991174a870dad4f3339c293bd95e35f7bfb91...d9162aef1029ff14284449258da4ca9cec14fa6c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/924991174a870dad4f3339c293bd95e35f7bfb91...d9162aef1029ff14284449258da4ca9cec14fa6c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190726/2e1a02fb/attachment-0001.html>
