[Git][security-tracker-team/security-tracker][master] 2 commits: dla: systemd no-dsa

Sylvain Beucler beuc at debian.org
Mon May 27 11:13:30 BST 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c589272b by Sylvain Beucler at 2019-05-27T10:12:10Z
dla: systemd no-dsa

- - - - -
7ac65652 by Sylvain Beucler at 2019-05-27T10:13:00Z
dla: CVE-2019-10732/kdepim patch available

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -429,6 +429,7 @@ CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded fil
 CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows attackers ...)
 	- systemd <unfixed> (bug #929116)
 	[stretch] - systemd <no-dsa> (Minor issue)
+	[jessie] - systemd <no-dsa> (Not reproducible without Ubuntu-style persistant VT1 greeter; too invasive to fix)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
 	NOTE: https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
 	NOTE: https://github.com/systemd/systemd/pull/12378


=====================================
data/dla-needed.txt
=====================================
@@ -33,7 +33,6 @@ hdf5 (Hugo Lefeuvre)
   NOTE: imply to first prepare a buster update.
 --
 kdepim
-  NOTE: 20190425: not yet fixed upstream
 --
 libav (Roberto C. Sánchez)
   NOTE: 20190401: There are currently 20 CVE issues known for libav in jessie,
@@ -100,9 +99,6 @@ sox (Emilio)
 --
 sysdig (Hugo Lefeuvre)
 --
-systemd (Sylvain Beucler)
-  NOTE: 20190518: vt_reset_keyboard() is not available in this version but probably the switch happens somewhere else
---
 tomcat7 (Abhijith PA)
   NOTE: 20190522: FTBFS
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/db5c7b2454dc4ae062a56dfce0ce012f78384171...7ac6565225fe56267b5b8c6b552073a4d9b72671

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/db5c7b2454dc4ae062a56dfce0ce012f78384171...7ac6565225fe56267b5b8c6b552073a4d9b72671
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190527/a407cbad/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list