[Git][security-tracker-team/security-tracker][master] 3 commits: follow security team with no-dsa for CVE-2019-14247 in Jessie

Thorsten Alteholz alteholz at debian.org
Tue Jul 30 12:54:06 BST 2019



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6dce3021 by Thorsten Alteholz at 2019-07-30T11:41:04Z
follow security team with no-dsa for CVE-2019-14247 in Jessie

- - - - -
34fbfcc8 by Thorsten Alteholz at 2019-07-30T11:41:54Z
no security support for node modules

- - - - -
6ab05da9 by Thorsten Alteholz at 2019-07-30T11:43:26Z
add libreoffice

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -515,6 +515,7 @@ CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c a
 CVE-2019-14247 (The scan() function in mad.c in mpg321 0.3.2 allows remote attackers t ...)
 	- mpg321 0.3.2-2
 	[stretch] - mpg321 <no-dsa> (Minor issue)
+	[jessie] - mpg321 <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/mpg321/bugs/51/
 	NOTE: Fixed by handle_illegal_bitrate_value.patch
 CVE-2019-14246
@@ -10256,6 +10257,7 @@ CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototyp
 	- node-lodash <unfixed> (bug #933079)
 	[buster] - node-lodash <no-dsa> (Minor issue; can be fixed in point release)
 	[stretch] - node-lodash <ignored> (Nodejs in stretch not covered by security support)
+	[jessie] - node-lodash <ignored> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-450202
 	NOTE: https://github.com/lodash/lodash/issues/4348
 	NOTE: https://github.com/lodash/lodash/pull/4336
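
Review bot: the reason on the added [jessie] line still reads "Nodejs in stretch not covered by security support", copied unchanged from the [stretch] line directly above it. The parenthesised reason should name the release the line applies to, i.e. "[jessie] - node-lodash <ignored> (Nodejs in jessie not covered by security support)", so that anyone reading or grepping the jessie status is not pointed at a different suite.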


=====================================
data/dla-needed.txt
=====================================
@@ -65,6 +65,9 @@ libqb
   NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby)
   NOTE: 20190619: See https://lists.debian.org/debian-lts/2019/06/msg00015.html
 --
+libreoffice
+  NOTE: probably Jessie is affected as well
+--
 libsdl1.2 (Hugo Lefeuvre)
   NOTE: see libsdl2 entry.
 --
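
Review bot: the new libreoffice NOTE carries no date stamp and names no CVE, unlike the libqb notes just above it ("NOTE: 20190616: ..." and "NOTE: 20190619: ..."). "probably Jessie is affected as well" also does not say affected by what. Suggest the dated form, "NOTE: 20190730: ...", with the CVE ids or a link to the triage discussion, so whoever claims the package knows which issues to confirm against the jessie source.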



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ddb13bea7cf2c9b8113af33cd8cd6d561667c463...6ab05da9a25e8bee87bb421688eeaa6505d09a73


