[Git][security-tracker-team/security-tracker][master] 3 commits: Remove filezilla from dla-needed.txt

Wed May 8 09:02:45 BST 2019


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28d3d6c0 by Markus Koschany at 2019-05-08T07:55:57Z
Remove filezilla from dla-needed.txt

- - - - -
b01951ea by Markus Koschany at 2019-05-08T07:56:50Z
CVE-2019-5429,filezilla: Mark as no-dsa for Jessie

On closer inspection the conditions to exploit the vulnerability are hard to
achieve on Debian systems. Any fix requires either a backport of libfilezila or
significant portions thereof.

- - - - -
954dc7c7 by Markus Koschany at 2019-05-08T08:01:59Z
dla-needed.txt: Make clear Hugo and me are both working on imagemagick.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16424,6 +16424,7 @@ CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protecti
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
 	- filezilla <unfixed> (low; bug #928282)
 	[stretch] - filezilla <no-dsa> (Minor issue)
+	[jessie] - filezilla <no-dsa> (Minor issue)
 	NOTE: https://svn.filezilla-project.org/filezilla?revision=9097&view=revision
 	NOTE: https://www.tenable.com/security/research/tra-2019-14
 CVE-2019-5428


=====================================
data/dla-needed.txt
=====================================
@@ -28,8 +28,6 @@ faad2 (Hugo Lefeuvre)
   NOTE: need to check which other issues have been addressed by these fixes + one more
   NOTE: patch and we will be fit for upload.
 --
-filezilla (Markus Koschany)
---
 ghostscript (Roberto C. Sánchez)
 --
 graphicsmagick (Hugo Lefeuvre)
@@ -41,7 +39,7 @@ hdf5 (Hugo Lefeuvre)
   NOTE: but not mentioned in release notes + no commit directly mentioning the issue
   NOTE: -> ask them for more information.
 --
-imagemagick (Hugo Lefeuvre)
+imagemagick (Hugo Lefeuvre, Markus Koschany)
   NOTE: 20181227: We should address the many open issues in imagemagick either
   NOTE: by patching them separetely as we did in Wheezy or by updating to a
   NOTE: new upstream version like the security team did with Graphicsmagick in



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/860b8b065b44582d8dda1421d7915a8af126ca17...954dc7c7a3e47aaa153910007b90d1e34d749f5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/860b8b065b44582d8dda1421d7915a8af126ca17...954dc7c7a3e47aaa153910007b90d1e34d749f5a
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190508/4db769b4/attachment.html>
