[Git][security-tracker-team/security-tracker][master] dla-needed: update cacti, hdf5 and imagemagick notes

Hugo Lefeuvre hle at debian.org
Tue Oct 15 15:16:10 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
633cabab by Hugo Lefeuvre at 2019-10-15T14:15:09Z
dla-needed: update cacti, hdf5 and imagemagick notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -17,6 +17,8 @@ ansible (Utkarsh Gupta)
   NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's version. (lamby)
 --
 cacti (Hugo Lefeuvre)
+  NOTE: 20191015: jessie and stretch don't seem to be affected. I will produce a detailed analysis
+  NOTE: and try to get confirmation from upstream.
 --
 freeimage
   NOTE: Maintainer will take care of the update.
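Review bot: the new cacti NOTE says jessie and stretch "don't seem to be affected" but does not name the issue(s) it refers to or what the assessment is based on. Naming the CVE or the code path that was checked would let whoever reads the entry verify the claim without waiting for the detailed analysis.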
@@ -26,14 +28,14 @@ freeimage
 graphite-web
 --
 hdf5
-  NOTE: 20190825: Upstream is aware of currently open issues. Progress is slow,
+  NOTE: 20191015: Upstream is aware of currently open issues. Progress is slow,
   NOTE: wait for the next HDF5 point release and either do full package upgrade
   NOTE: or cherry pick fixes (hle)
 --
 ibus (Markus Koschany)
   NOTE: beware of the regression introduced by upstreams first patch
 --
-imagemagick
+imagemagick (Hugo Lefeuvre)
   NOTE: 20190902: several minor postponed issues with simple patch: preparing an update
   NOTE: just for them would be wasting time, but let's include these patches in a
   NOTE: future update when new issues appear.
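Review bot: on the hdf5 entry, the date prefix changes from 20190825 to 20191015 while the note text stays the same, so the record of when this status was first written is lost. Keeping the 20190825 line and adding a separate 20191015 line saying the situation was rechecked and is unchanged would preserve the history, in the same way the imagemagick entry accumulates dated notes.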
@@ -43,6 +45,7 @@ imagemagick
   NOTE: instead of avoiding off-by-one reads (check length BEFORE reading, not after!)
   NOTE: we allocate one more byte. this works, but does not 'obviously' fix the issue and
   NOTE: can be misleading... DEP3 comments would be nice. (hle)
+  NOTE: 20191015: two new CVEs, check.
 --
 imapfilter
   NOTE: 20190910: No patch exists but a possible solution. Note that openssl in
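Review bot: the added imagemagick line "NOTE: 20191015: two new CVEs, check." does not identify the CVEs and, unlike the preceding note ending in "(hle)", carries no initials. Listing the CVE ids would show the next reader which issues still need triage.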



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/633cababc06fd4a1e6a423ab8250285999596ec7
