[Git][security-tracker-team/security-tracker][master] 2 commits: Maintainer will take care of Jessie's freeimage update.
Markus Koschany
apo at debian.org
Sat May 25 10:26:59 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c67fb4fa by Markus Koschany at 2019-05-25T09:23:46Z
Maintainer will take care of Jessie's freeimage update.
- - - - -
2daa0d14 by Markus Koschany at 2019-05-25T09:25:20Z
CVE-2017-18375,ampache: Mark as no-dsa for Jessie
Upstream closed this issue without fix. Bug might not even be exploitable and
the impact is low.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,6 +22,9 @@ CVE-2019-12312 (In Libreswan before 3.28, an assertion failure can lead to a plu
NOTE: https://github.com/libreswan/libreswan/commit/7142d2c37d58cf024595a7549f0fb0d3946682f8
CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php ...)
- ampache <removed>
+ [jessie] - ampache <no-dsa> (Minor issue)
+ NOTE: https://fenceposterror.github.io/2017/06/16/Hacking-For-Fun-And-Non-Profit.html
+ NOTE: https://github.com/ampache/ampache/issues/1555
CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resu ...)
TODO: check
CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php f ...)
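Review bot: the added `[jessie] - ampache <no-dsa> (Minor issue)` line records less of the reasoning than the commit message does, which states that upstream closed the issue without a fix and that the bug might not be exploitable. Consider adding a NOTE under the CVE-2017-18375 entry saying that upstream closed https://github.com/ampache/ampache/issues/1555 without a fix, so the basis for the no-dsa decision is visible in data/CVE/list itself and not only in the git log.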
=====================================
data/dla-needed.txt
=====================================
@@ -30,6 +30,8 @@ faad2 (Hugo Lefeuvre)
NOTE: 20190525: see https://github.com/knik0/faad2/pull/36
--
freeimage
+ NOTE: Maintainer will take care of the update.
+ NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
--
hdf5 (Hugo Lefeuvre)
NOTE: 20190511: upstream was not aware of our undetermined issues. They have assigned
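Review bot: the two NOTE lines added under freeimage carry no date prefix, while the neighbouring entries in this hunk do (`NOTE: 20190525: see ...` for faad2, `NOTE: 20190511: ...` for hdf5). Prefixing them the same way, e.g. `NOTE: 20190525: Maintainer will take care of the update.`, would show how old the hand-off is when someone later checks whether the Jessie update actually happened.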
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/21fb7d50aea4ee6d030beea4cceb954dd1e8e05c...2daa0d147bd698e9fbbca6025eef480e4789cbc4