[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-16866/unbound: jessie not-affected

Sylvain Beucler beuc at debian.org
Fri Oct 4 13:31:57 BST 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4a9c5ac by Sylvain Beucler at 2019-10-04T12:30:09Z
CVE-2019-16866/unbound: jessie not-affected

- - - - -
47f2af78 by Sylvain Beucler at 2019-10-04T12:30:41Z
dla: add tcpdump and libpcap

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -627,6 +627,7 @@ CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the fi
 CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows remot ...)
 	- unbound <unfixed> (bug #941692)
 	[stretch] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
+	[jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
 	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
 CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL Injecti ...)


=====================================
data/dla-needed.txt
=====================================
@@ -78,6 +78,8 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20190929: work is ongoing
 --
+libpcap
+--
 libqb
   NOTE: 20190616: Upstream patch does not apply at all, but it appears that
   NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
@@ -142,6 +144,9 @@ slurm-llnl
 --
 spip (Thorsten Alteholz)
 --
+tcpdump
+  NOTE: 20191004: same version in wheezy->buster, security-only upstream release (24 CVEs), probably best to backport 4.9.3 when it hits testing (Beuc)
+--
 thunderbird
   NOTE: 20191001: CVE-2019-11755: bug is private, not sure whether to backport to 60esr or wait for 68esr (Beuc)
   NOTE: 20191001: CVE-2019-11755: https://bugzilla.mozilla.org/show_bug.cgi?id=1240290



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ffc585a33b4ba21c7d059b19a3942ad24d31a490...47f2af786814be1286c1fb3eda65349040ba3b41

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ffc585a33b4ba21c7d059b19a3942ad24d31a490...47f2af786814be1286c1fb3eda65349040ba3b41
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191004/f84b89e7/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list