[Git][security-tracker-team/security-tracker][master] 4 commits: add bind9

Thu Nov 21 16:04:09 GMT 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2dd2e1f2 by Thorsten Alteholz at 2019-11-21T16:03:40Z
add bind9

- - - - -
4bce3ccc by Thorsten Alteholz at 2019-11-21T16:03:41Z
mark CVE-2019-19126 as no-dsa for Jessie

- - - - -
4ce153c0 by Thorsten Alteholz at 2019-11-21T16:03:41Z
add otrs2

- - - - -
8ccb87c4 by Thorsten Alteholz at 2019-11-21T16:03:41Z
add ruby2.1 that is only in Jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -42,6 +42,7 @@ CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before
 	- glibc <unfixed>
 	[buster] - glibc <no-dsa> (Minor issue)
 	[stretch] - glibc <no-dsa> (Minor issue)
+	[jessie] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25204
 	NOTE: https://sourceware.org/ml/libc-alpha/2019-11/msg00649.html
 CVE-2019-19125


=====================================
data/dla-needed.txt
=====================================
@@ -20,6 +20,9 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102)
 --
+bind9 (Thorsten Alteholz)
+  NOTE: no point release in Jessie, so fix it here
+--
 freeimage
   NOTE: Maintainer will take care of the update.
   NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
@@ -85,6 +88,9 @@ opendmarc (Thorsten Alteholz)
 openjdk-7 (Markus Koschany)
   NOTE: 20191118: Pinged upstream about a new upstream release again four days ago. (apo)
 --
+otrs2
+  NOTE: otrs2 is in jessie/main so it should be taken care off
+--
 pam-python
   NOTE: 20190927: Upstream appear to not have a distinct revision for this fix,
   NOTE: using a single commit for the entire release which changes many things. (lamby)
@@ -109,6 +115,8 @@ radare2
   NOTE: Support status is being discussed at:
   NOTE: https://lists.debian.org/debian-lts/2019/08/msg00064.html
 --
+ruby2.1 (Thorsten Alteholz)
+--
 ruby-rack-cors (Utkarsh Gupta)
 --
 slurm-llnl (Abhijith PA)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9f29670fd43313b1e3750f2b1255f3cc7a6859bb...8ccb87c4130cee67688aa7c036714f99045bd840

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9f29670fd43313b1e3750f2b1255f3cc7a6859bb...8ccb87c4130cee67688aa7c036714f99045bd840
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191121/8567ffc6/attachment-0001.html>
