[Git][security-tracker-team/security-tracker][master] 3 commits: Remove filezilla from dla-needed.txt
Markus Koschany
apo at debian.org
Wed May 8 09:02:45 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28d3d6c0 by Markus Koschany at 2019-05-08T07:55:57Z
Remove filezilla from dla-needed.txt
- - - - -
b01951ea by Markus Koschany at 2019-05-08T07:56:50Z
CVE-2019-5429,filezilla: Mark as no-dsa for Jessie
On closer inspection the conditions to exploit the vulnerability are hard to
achieve on Debian systems. Any fix requires either a backport of libfilezilla or
significant portions thereof.
- - - - -
954dc7c7 by Markus Koschany at 2019-05-08T08:01:59Z
dla-needed.txt: Make clear Hugo and me are both working on imagemagick.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -16424,6 +16424,7 @@ CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protecti
CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
- filezilla <unfixed> (low; bug #928282)
[stretch] - filezilla <no-dsa> (Minor issue)
+ [jessie] - filezilla <no-dsa> (Minor issue)
NOTE: https://svn.filezilla-project.org/filezilla?revision=9097&view=revision
NOTE: https://www.tenable.com/security/research/tra-2019-14
CVE-2019-5428
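Review bot: The added `[jessie] - filezilla <no-dsa> (Minor issue)` line records less than the commit message does. The message gives two distinct reasons (exploitation conditions are hard to meet on Debian systems, and a fix needs a backport of libfilezilla or large parts of it), but the tracker entry only says "Minor issue", the same text as the stretch line. Consider a more specific reason in the parentheses or an extra NOTE: line under the CVE so the rationale is visible in data/CVE/list itself and not only in the git history.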
=====================================
data/dla-needed.txt
=====================================
@@ -28,8 +28,6 @@ faad2 (Hugo Lefeuvre)
NOTE: need to check which other issues have been addressed by these fixes + one more
NOTE: patch and we will be fit for upload.
--
-filezilla (Markus Koschany)
---
ghostscript (Roberto C. Sánchez)
--
graphicsmagick (Hugo Lefeuvre)
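Review bot: The removal of `filezilla (Markus Koschany)` lands in commit 28d3d6c0, one commit before b01951ea adds the jessie no-dsa line in data/CVE/list. At the intermediate commit the package is no longer claimed in dla-needed.txt and has no jessie triage state either. Squashing the two commits, or marking no-dsa first and removing the entry second, would keep every revision of the tracker self-consistent. The separator handling itself looks right: the entry and its trailing `--` are dropped together.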
@@ -41,7 +39,7 @@ hdf5 (Hugo Lefeuvre)
NOTE: but not mentioned in release notes + no commit directly mentioning the issue
NOTE: -> ask them for more information.
--
-imagemagick (Hugo Lefeuvre)
+imagemagick (Hugo Lefeuvre, Markus Koschany)
NOTE: 20181227: We should address the many open issues in imagemagick either
NOTE: by patching them separetely as we did in Wheezy or by updating to a
NOTE: new upstream version like the security team did with Graphicsmagick in
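Review bot: The changed claim line `imagemagick (Hugo Lefeuvre, Markus Koschany)` lists two people but nothing in the entry says how the work is divided. The existing notes are dated (`NOTE: 20181227: ...`) and discuss two possible approaches, so a new dated NOTE: stating who takes which CVEs or which approach would help avoid duplicated effort. While the entry is being touched, the context line also carries the typo "separetely".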
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/860b8b065b44582d8dda1421d7915a8af126ca17...954dc7c7a3e47aaa153910007b90d1e34d749f5a