[Git][security-tracker-team/security-tracker][master] 5 commits: add jackson-databind

Tue Jul 30 19:04:37 BST 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60058f1f by Thorsten Alteholz at 2019-07-30T17:40:52Z
add jackson-databind

- - - - -
e498f5c3 by Thorsten Alteholz at 2019-07-30T17:43:07Z
add xymon

- - - - -
04f6b0ca by Thorsten Alteholz at 2019-07-30T17:45:02Z
add scapy

- - - - -
340fcbb9 by Thorsten Alteholz at 2019-07-30T17:48:54Z
add qbittorrent

- - - - -
ef8bfb81 by Thorsten Alteholz at 2019-07-30T17:55:41Z
mark CVE-2019-14274 for mcpp as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -450,6 +450,7 @@ CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the cal
 	NOTE: Crash in CLI tool, no security impact, hardening build
 CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function i ...)
 	- mcpp <unfixed>
+	[jessie] - mcpp <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/mcpp/bugs/13/
 CVE-2019-14273
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -41,6 +41,8 @@ hdf5 (Hugo Lefeuvre)
 imagemagick (Hugo Lefeuvre)
   NOTE: triage work first, large number of open issues
 --
+jackson-databind
+--
 libav
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no patch
@@ -86,6 +88,8 @@ proftpd-dfsg (Markus Koschany)
 --
 python2.7 (Thorsten Alteholz)
 --
+qbittorrent
+--
 qemu
   NOTE: 20190528: An upload candidate is waiting for being tested on real hardware.
   NOTE: 20190528: Still need to set up a notebook with jessie installed for testing.
@@ -103,6 +107,8 @@ ruby-openid
   NOTE: 20190710: I'm at a loss to how to continue persuing this issue (see https://github.com/openid/ruby-openid/issues/122) so returning to the pool. (lamby)
   NOTE: 20190726: Still unknown how to fix (see aforementioned github issue) (lamby)
 --
+scapy
+--
 slurm-llnl
 --
 sox
@@ -144,3 +150,5 @@ wpa
 xen
   NOTE: 20190629: Contacted credativ support and asked for a status update
 --
+xymon (Thorsten alteholz)
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/782178d536c3cd170cb1c6ce82b4c4eb3c990bd2...ef8bfb819fae4a1d9b102f54bb2d3d1d1bc3b0c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/782178d536c3cd170cb1c6ce82b4c4eb3c990bd2...ef8bfb819fae4a1d9b102f54bb2d3d1d1bc3b0c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190730/1f25ef8c/attachment-0001.html>
