[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-13012/glib2.0 as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 27 13:06:43 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
215b3fae by Salvatore Bonaccorso at 2019-07-27T12:02:43Z
Mark CVE-2019-13012/glib2.0 as no-dsa
There are a couple of mitigations in place which make the whole issue
less urgent and can be fixed via a point release.
Detailed explanation on mitigation factors given by Simon McVittie in
https://bugs.debian.org/931234#12 .
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5419,6 +5419,8 @@ CVE-2019-12451
CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 ...)
[experimental] - glib2.0 2.60.0-1
- glib2.0 2.60.5-1 (bug #931234)
+ [buster] - glib2.0 <no-dsa> (Minor issue)
+ [stretch] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1658
NOTE: https://gitlab.gnome.org/GNOME/glib/merge_requests/450
NOTE: https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/215b3fae8d99fd787a1ce7fa47121e61470ac1fb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/215b3fae8d99fd787a1ce7fa47121e61470ac1fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190727/4f8f8fe0/attachment.html>
More information about the debian-security-tracker-commits
mailing list