[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2019-890{5,7}/file as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 21 20:43:22 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
446de21b by Salvatore Bonaccorso at 2019-03-21T20:42:09Z
Mark CVE-2019-890{5,7}/file as no-dsa
Christoph Biedl proposed given the amount of changes needed to be
included an update via a point release to expose the package to more
testing (Cf. https://bugs.debian.org/925251).
- - - - -
421d4343 by Salvatore Bonaccorso at 2019-03-21T20:42:09Z
Remove file from dsa-needed list (update via stretch-pu instead)
- - - - -
d1032014 by Salvatore Bonaccorso at 2019-03-21T20:42:09Z
Track proposed update for file via stretch-pu
- - - - -
3 changed files:
- data/CVE/list
- data/dsa-needed.txt
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3315,6 +3315,7 @@ CVE-2019-8908 (An issue was discovered in WTCMS 1.0. It allows remote attackers
CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in file 5.35 allows remote att ...)
{DLA-1698-1}
- file 1:5.35-3 (bug #922968)
+ [stretch] - file <no-dsa> (Minor issue; will be fixed in point release)
NOTE: https://bugs.astron.com/view.php?id=65
NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bou ...)
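Review bot: The added `[stretch] - file <no-dsa>` line for CVE-2019-8907 says the fix will come in a point release but gives no pointer to the request itself. The commit message cites https://bugs.debian.org/925251, so a NOTE line with that URL under this entry would let someone reading data/CVE/list find the pending stretch-pu update without going through the git history.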
@@ -3327,6 +3328,7 @@ CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an out-o
CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...)
{DLA-1698-1}
- file 1:5.35-3 (bug #922968)
+ [stretch] - file <no-dsa> (Minor issue; will be fixed in point release)
NOTE: https://bugs.astron.com/view.php?id=63
NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...)
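Review bot: The reason text on the added line for CVE-2019-8905 reads "Minor issue", while the commit message gives a different rationale: the amount of changes needed and the wish to expose the package to more testing through a point release. The entry is described as stack-based in readelf.c, so consider wording the parenthetical to match the actual reason for the deferral; that way the triage decision stays understandable from the list alone.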
=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ evolution
faad2
not yet fixed upstream
--
-file (jmm)
---
glusterfs
--
ghostscript (carnil)
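Review bot: Removing `file (jmm)` takes the whole package off the DSA queue, but the data/CVE/list hunks mark only CVE-2019-8905 and CVE-2019-8907 as no-dsa for stretch. CVE-2019-8906 and CVE-2019-8904 appear there as untouched context lines for the same readelf.c code, and their stretch status is not visible in this diff; confirm they need no DSA either before dropping the entry. The removal of the entry together with its `--` separator leaves the list format intact.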
=====================================
data/next-point-update.txt
=====================================
@@ -90,3 +90,7 @@ CVE-2016-9842
[stretch] - rsync 3.1.2-1+deb9u2
CVE-2016-9841
[stretch] - rsync 3.1.2-1+deb9u2
+CVE-2019-8907
+ [stretch] - file 1:5.30-1+deb9u3
+CVE-2019-8905
+ [stretch] - file 1:5.30-1+deb9u3
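Review bot: The appended entries record `1:5.30-1+deb9u3` as the fixed version for both CVEs, yet the commit subject describes this as a proposed update. If the stretch-pu request is changed or the upload lands under a different version, these two lines need to be revisited so the tracker does not later report a version that never shipped.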
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/703dbf98c25cac475dcc70185a3d23f697cdbf20...d1032014da15be05d13b770e290682959525827c