[Git][security-tracker-team/security-tracker][master] 2 commits: Claim ruby-rack-cors, unclaim libexif, and add notes

[Utkarsh Gupta]

Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65563032 by Utkarsh Gupta at 2019-11-18T15:54:03Z
Claim ruby-rack-cors, unclaim libexif, and add notes

- - - - -
7e7b0bca by Utkarsh Gupta at 2019-11-18T15:59:05Z
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -13,6 +13,7 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 389-ds-base (Utkarsh Gupta)
   NOTE: 20191109: Contacted upstream for relevant commits. Will ping here or claim it once they reply back. (utkarsh2102)
   NOTE: 20191114: Conversation going on; got a patch. (utkarsh2102)
+  NOTE: 20191118: WIP. Should be ready soon. (utkarsh2102)
 --
 ansible
   NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's version. (lamby)
@@ -52,11 +53,13 @@ libav (Sylvain Beucler)
   NOTE: 20190831: so there is something one can test with and see if the fix worked.
   NOTE: 20191114: Triaging new vulnerabilities and cross-referencing with ffmpeg (Beuc)
 --
-libexif (Utkarsh Gupta)
-  NOTE: 20191111: Contacted upstream for relevant commits of CVE-2019-9278.
-  NOTE: 20191114: Pinged upstream; just have the Android patch yet.
+libexif
+  NOTE: 20191111: Contacted upstream for relevant commits of CVE-2019-9278. (utkarsh2102)
+  NOTE: 20191114: Pinged upstream; just have the Android patch yet. (utkarsh2102)
+  NOTE: 20191118: No patch yet. Shall claim and fix once the patch is available. (utkarsh2102)
 --
 libjpeg-turbo (Utkarsh Gupta)
+  NOTE: 20191118: WIP; should be ready soon. (utkarsh2102)
 --
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at them.
@@ -111,7 +114,7 @@ radare2
   NOTE: Support status is being discussed at:
   NOTE: https://lists.debian.org/debian-lts/2019/08/msg00064.html
 --
-ruby-rack-cors
+ruby-rack-cors (Utkarsh Gupta)
 --
 slurm-llnl (Abhijith PA)
   NOTE: 20190814: Contacted security of slurm-llnl for relevant commits (abhijith)
@@ -133,6 +136,7 @@ tightvnc (Mike Gabriel)
   NOTE: 20191030: contains non-security-maintained code from libvncserver (sunweaver)
 --
 tnef (Utkarsh Gupta)
+  NOTE: 20191118: Facing a little problem with patch; contacting upstream. (utkarsh2102)
 --
 vino (Mike Gabriel)
   NOTE: 20191030: ships non-security-maintained copy of libvncserver. (sunweaver)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c2fe3bc97ba6478579ddf046cf5fe6c35f2d301b...7e7b0bca4d52be19a08d982ce84323f6422139eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c2fe3bc97ba6478579ddf046cf5fe6c35f2d301b...7e7b0bca4d52be19a08d982ce84323f6422139eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191118/81e55391/attachment-0001.html>