[Git][security-tracker-team/security-tracker][master] 7 commits: add libssh2
Thorsten Alteholz
alteholz at debian.org
Thu Mar 21 14:01:22 GMT 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd0e22d9 by Thorsten Alteholz at 2019-03-21T13:26:21Z
add libssh2
- - - - -
e9c118a9 by Thorsten Alteholz at 2019-03-21T13:47:36Z
add pdns
- - - - -
69734939 by Thorsten Alteholz at 2019-03-21T13:52:31Z
mark CVE-2018-12181 as end-of-life for jessie (non-free)
- - - - -
d7d607e4 by Thorsten Alteholz at 2019-03-21T13:55:29Z
mark CVE-2009-5155 as no-dsa
- - - - -
2c8de9c8 by Thorsten Alteholz at 2019-03-21T13:56:53Z
mark CVE-2019-9687 as no-dsa for Jessie
- - - - -
ea95f167 by Thorsten Alteholz at 2019-03-21T13:58:56Z
mark CVE-2018-20806 as no-dsa for Jessie
- - - - -
d2621a07 by Thorsten Alteholz at 2019-03-21T14:00:13Z
mark CVE-2019-9754 as no-dsa for Jessie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -790,6 +790,7 @@ CVE-2018-20807 (An XSS issue has been found in welcome.cgi in Pulse Secure Pulse
CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the ...)
- phamm <unfixed> (low; bug #924731)
[stretch] - phamm <no-dsa> (Minor issue)
+ [jessie] - phamm <no-dsa> (Minor issue)
NOTE: https://github.com/lota/phamm/issues/24
CVE-2019-9839
RESERVED
@@ -1053,6 +1054,7 @@ CVE-2019-9755
CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
- tcc <unfixed> (low; bug #925127)
[stretch] - tcc <no-dsa> (Minor issue)
+ [jessie] - tcc <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html
CVE-2019-9753
RESERVED
@@ -1235,6 +1237,7 @@ CVE-2019-9688 (sftnow through 2018-12-29 allows index.php?g=Admin&m=User&
CVE-2019-9687 (PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF ...)
- libpodofo <unfixed> (bug #924430)
[stretch] - libpodofo <no-dsa> (Minor issue)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/code/1969
CVE-2019-9686 (pacman before 5.1.3 allows directory traversal when installing a remot ...)
NOT-FOR-US: pacman package manager for arch, different from src:pacman
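Review bot: the added `[jessie] - libpodofo <no-dsa> (Minor issue)` line reuses the stretch wording for what the CVE description calls a heap-based buffer overflow in PdfString::ConvertUTF, and the `<unfixed>` line above it carries no urgency, unlike the `low` entries for phamm and tcc in this same patch. Consider putting the actual reason in the parentheses, or setting an urgency on the unfixed line, so the no-dsa decision for jessie can be audited later.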
@@ -2538,6 +2541,7 @@ CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_
[experimental] - gnulib 20180621~6979c25-1
- gnulib 20140202+stable-3.2 (bug #924613)
[stretch] - gnulib <no-dsa> (Minor issue)
+ [jessie] - gnulib <no-dsa> (Minor issue)
- glibc 2.28-1
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
@@ -45141,6 +45145,7 @@ CVE-2018-12181 [Stack buffer overflow with corrupted BMP]
RESERVED
- edk2 0~20181115.85588389-3 (bug #924615)
[stretch] - edk2 <no-dsa> (Minor issue, will be fixed via point update)
+ [jessie] - edk2 <end-of-life> (non-free is not supported)
NOTE: https://lists.01.org/pipermail/edk2-devel/2019-March/037626.html
CVE-2018-12180 [Buffer Overflow in BlockIo service for RAM disk]
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -64,6 +64,8 @@ libraw (Thorsten Alteholz)
libsolv
NOTE: 20190127: maintainer is Mike Gabriel
--
+libssh2
+--
linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
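Review bot: the new `libssh2` entry has no dated NOTE, so dla-needed.txt does not record which CVE(s) put the package on the list; the libsolv entry just above shows the `NOTE: YYYYMMDD: ...` form. Consider adding a NOTE that names the open CVEs so whoever claims the package knows the scope.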
@@ -77,6 +79,8 @@ openssh (Mike Gabriel)
NOTE: 20190228: CVE-2019-6111 seemingly not-yet-fixed, see https://bugs.debian.org/923486
NOTE: 20190228: Package draft for jessie LTS locally, but the CVE-2019-6111 patch requires being fixed first before proceeding
--
+pdns
+--
php5 (Thorsten Alteholz)
NOTE: 20190317: new CVEs appeared
--
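Review bot: `pdns` is added bare, directly below an openssh entry whose NOTEs name CVE-2019-6111 and its status. A one-line dated NOTE listing the CVE(s) behind this entry would save the next claimant a lookup in data/CVE/list.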
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d13e8c0fccbea4ca1baa31e553fe74f6041878ab...d2621a07ebe1308df49baa39ce6d95803cc9c60f