[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff
jmm at debian.org
Sun May 26 10:03:38 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
562f23ce by Moritz Muehlenhoff at 2019-05-26T09:02:57Z
stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -76,7 +76,8 @@ CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 an
CVE-2019-12296
RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...)
- - wireshark <unfixed> (bug #929446)
+ - wireshark <unfixed> (low; bug #929446)
+ [stretch] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-19.html
@@ -3591,6 +3592,7 @@ CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based
[buster] - poppler <postponed> (Revisit when fixed upstream)
[stretch] - poppler <postponed> (Revisit when fixed upstream)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
- poppler <unfixed> (low; bug #926529)
[buster] - poppler <postponed> (Revisit when fixed upstream)
@@ -12259,6 +12261,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f
+ NOTE: Patch causes regressions for some applications/games: https://bugzilla.novell.com/show_bug.cgi?id=1124825
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
@@ -12267,7 +12270,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
- NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
+ NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
@@ -12282,9 +12285,8 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
[jessie] - libsdl2-image <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
NOTE: https://hg.libsdl.org/SDL/rev/7c643f1c1887 (SDL-2)
- NOTE: https://hg.libsdl.org/SDL/rev/7c643f1c1887 (SDL-1.2)
- NOTE: https://hg.libsdl.org/SDL/rev/08f3b4992538 (SDL-1.2)
- NOTE: https://hg.libsdl.org/SDL/rev/4646533663ae (SDL-1.2)
+ NOTE: https://hg.libsdl.org/SDL/rev/08f3b4992538 (SDL-1.2) (correct)
+ NOTE: https://hg.libsdl.org/SDL/rev/4646533663ae (SDL-1.2) (broken)
NOTE: https://hg.libsdl.org/SDL_image/rev/03bd33e8cb49 (SDL_image-2)
CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for Bo ...)
NOT-FOR-US: BoKS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/562f23ceb8bb0b9909ed8b779528dee49205dd4a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/562f23ceb8bb0b9909ed8b779528dee49205dd4a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190526/d66ed36b/attachment.html>
More information about the debian-security-tracker-commits
mailing list