[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-3189 has been fixed

Mon Jun 24 21:22:51 BST 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69f80d8f by Thorsten Alteholz at 2019-06-24T20:16:20Z
CVE-2016-3189 has been fixed

- - - - -
561884f4 by Thorsten Alteholz at 2019-06-24T20:16:20Z
Reserve DLA-1833-1 for bzip2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -160119,7 +160119,6 @@ CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-composi
 	NOTE: https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
 CVE-2016-3189 (Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows rem ...)
 	- bzip2 1.0.6-8.1 (low; bug #827744)
-	[jessie] - bzip2 <no-dsa> (Minor issue)
 	[wheezy] - bzip2 <no-dsa> (Minor issue)
 CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate module 7.x-2 ...)
 	NOT-FOR-US: Prepopulate module for Drupal


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Jun 2019] DLA-1833-1 bzip2 - security update
+	{CVE-2016-3189 CVE-2019-12900}
+	[jessie] - bzip2 1.0.6-7+deb8u1
 [24 Jun 2019] DLA-1832-1 libvirt - security update
 	{CVE-2019-10161 CVE-2019-10167}
 	[jessie] - libvirt 1.2.9-9+deb8u7


=====================================
data/dla-needed.txt
=====================================
@@ -15,8 +15,6 @@ ansible (Abhijith PA)
 bind9 (Thorsten Alteholz)
   NOTE: 20190623: test package
 --
-bzip2 (Thorsten Alteholz)
---
 faad2 (Hugo Lefeuvre)
   NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon.
   NOTE: 20190525: see https://github.com/knik0/faad2/pull/36



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/107499a8cb05cc249ac1d39c318b7195ae3af0ee...561884f4006ce9240fc434c9963a1af9cb80262b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/107499a8cb05cc249ac1d39c318b7195ae3af0ee...561884f4006ce9240fc434c9963a1af9cb80262b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190624/2183ae52/attachment-0001.html>
