[Git][security-tracker-team/security-tracker][master] buster/stretch triage

Moritz Muehlenhoff jmm at debian.org
Tue Oct 1 11:17:45 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de6118ef by Moritz Muehlenhoff at 2019-10-01T10:17:24Z
buster/stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1967,7 +1967,9 @@ CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Sm
 	- golang-1.12 1.12.10-1 (bug #941173)
 	- golang-1.11 <removed>
 	- golang-1.8 <removed>
+	[stretch] - golang-1.8 <ignored> (Minor issue)
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <ignored> (Minor issue)
 	- golang <removed>
 	NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q
 	NOTE: https://golang.org/issue/34540
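Review bot: the two added `[stretch]` lines for golang-1.8 and golang-1.7 use `<ignored>` with only "(Minor issue)" as the reason. `<ignored>` records that no fix is planned, so for an HTTP request smuggling issue in Go it would help later triagers if the reason said why stretch will not be fixed (for example the affected deployment pattern or the backport cost) rather than repeating the generic severity text.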
@@ -3990,6 +3992,7 @@ CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html
 CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust.  ...)
 	- rust-smallvec 0.6.10-1
+	[buster] - rust-smallvec <no-dsa> (Minor issue)
 	NOTE: https://github.com/servo/rust-smallvec/issues/148
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html
 CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...)
@@ -19951,6 +19954,7 @@ CVE-2019-10224 [using dscreate in verbose mode results in information disclosure
 	[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
 	[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
 	- python-lib389 <removed>
+	[stretch] - python-lib389 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677147
 	NOTE: https://pagure.io/389-ds-base/issue/50251
 	NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
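Review bot: the added `[stretch] - python-lib389 <no-dsa> (Minor issue)` line marks stretch as affected, while the context lines just above record 389-ds-base in stretch and jessie as `<not-affected> (vulnerable code not present)`. The CVE title refers to dscreate in verbose mode, so please confirm that the python-lib389 version in stretch actually ships that code path; if it does not, `<not-affected>` with the same reason would be the more accurate entry.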
@@ -22389,9 +22393,9 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection
 	- golang-1.12 1.12-1
 	- golang-1.11 1.11.6-1 (bug #924630)
 	- golang-1.8 <removed>
-	[stretch] - golang-1.8 <postponed> (Minor issue, can be fixed along in future DSA)
+	[stretch] - golang-1.8 <ignored> (Minor issue)
 	- golang-1.7 <removed>
-	[stretch] - golang-1.7 <postponed> (Minor issue, can be fixed along in future DSA)
+	[stretch] - golang-1.7 <ignored> (Minor issue)
 	- golang <removed>
 	NOTE: https://github.com/golang/go/issues/30794
 	NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
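Review bot: on both changed `[stretch]` lines the state moves from `<postponed>` to `<ignored>` and the remark "can be fixed along in future DSA" is dropped, which reverses the earlier decision without saying why. Since the commit message is only "buster/stretch triage", suggest keeping a short reason on the line itself, such as what changed since the postponement, so the history of this CRLF injection entry stays understandable from data/CVE/list alone.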
@@ -23057,7 +23061,9 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
 	- golang-1.12 1.12.8-1
 	- golang-1.11 1.11.13-1
 	- golang-1.8 <removed>
+	[stretch] - golang-1.8 <ignored> (Minor issue)
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <ignored> (Minor issue)
 	- golang <removed>
 	[jessie] - golang <not-affected> (No HTTP2 support yet)
 	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
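Review bot: the hunk triages golang-1.8 and golang-1.7 for stretch, but the trailing context line `- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1` has no `[stretch]` annotation within the visible lines. If stretch ships that package and no entry follows below the hunk, it needs its own triage line for this HTTP/2 reset flood, otherwise the tracker will keep listing it as open there.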
@@ -23095,7 +23101,9 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent
 	- golang-1.12 1.12.8-1
 	- golang-1.11 1.11.13-1
 	- golang-1.8 <removed>
+	[stretch] - golang-1.8 <ignored> (Minor issue)
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <ignored> (Minor issue)
 	- golang <removed>
 	[jessie] - golang <not-affected> (No HTTP2 support yet)
 	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de6118ef838589de05f9f606c90e66ef47d91ede
