[Git][security-tracker-team/security-tracker][master] 3 commits: add checkstyle to dla-needed

Hugo Lefeuvre hle at debian.org
Mon Mar 18 08:51:08 GMT 2019 

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac7d14d6 by Hugo Lefeuvre at 2019-03-18T08:40:42Z
add checkstyle to dla-needed

- - - - -
14cad5ca by Hugo Lefeuvre at 2019-03-18T08:46:38Z
add libjpeg-turbo to dla-needed

This is a somewhat older cve. Not sure why we never triaged it.
Patch is available so we should either release a dla or triage
it no-dsa.

- - - - -
20a7f851 by Hugo Lefeuvre at 2019-03-18T08:50:49Z
add libmatio to dla-needed

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -9,6 +9,12 @@ To pick an issue, simply add your name behind it. To learn more about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
+--
+checkstyle
+  NOTE: CVE-2019-9658: changes appear to involve compatibility breakage, handle with care.
+  NOTE: CVE-2019-9658: removal of DTDs from http://checkstyle.sourceforge.net and
+  NOTE: CVE-2019-9658: http://puppycrawl.com/ might affect the validity of our default config
+  NOTE: CVE-2019-9658: so depending of the impact this might require a jessie update
 --
 cron (Mike Gabriel)
 --
@@ -38,12 +44,19 @@ kde4libs (Hugo Lefeuvre)
 libav
   NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet.
 --
+libjpeg-turbo
+  NOTE: CVE-2018-14498: fix available. assert severity and either provide upload or triage no-dsa.
+--
 liblivemedia (Hugo Lefeuvre)
   NOTE: 20190226: CVE-2019-773{2,3}: wait for upstream patch - hle
   NOTE: CVE-2019-9215: at least dos, might be used for remote code execution,
   NOTE: CVE-2019-9215: prepared a poc and updates for jessie and stretch.
   NOTE: CVE-2019-9215: waiting for stretch upload before going on with jessie.
 --
+libmatio
+  NOTE: fairly high number of open issues. Not sure why we never had a look at them.
+  NOTE: triage work needed, help security team for fixes if needed.
+--
 libraw (Thorsten Alteholz)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/15aa1722809647edae1ebe35fcb553363614dafa...20a7f85136f9d9e74f77dc3b15a2fca4e279c713

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/15aa1722809647edae1ebe35fcb553363614dafa...20a7f85136f9d9e74f77dc3b15a2fca4e279c713
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190318/21714c6e/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list