[Git][security-tracker-team/security-tracker][master] 3 commits: dla-needed: update cacti and pam-python notes
Hugo Lefeuvre
hle at debian.org
Thu Oct 17 12:45:58 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7dfe49f8 by Hugo Lefeuvre at 2019-10-17T11:45:39Z
dla-needed: update cacti and pam-python notes
claim freeimage
- - - - -
0c972428 by Hugo Lefeuvre at 2019-10-17T11:45:40Z
add Debian bug for CVE-2019-16729
- - - - -
f8931f4d by Hugo Lefeuvre at 2019-10-17T11:45:40Z
dsa-needed: claim freeimage
- - - - -
3 changed files:
- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2408,7 +2408,7 @@ CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account
CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
NOT-FOR-US: Home Assistant
CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default enviro ...)
- - pam-python 1.0.7-1
+ - pam-python 1.0.7-1 (bug #942514)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...)
=====================================
data/dla-needed.txt
=====================================
@@ -20,8 +20,10 @@ cacti (Hugo Lefeuvre)
NOTE: 20191016: jessie and stretch don't seem to be affected, see
NOTE: https://lists.debian.org/debian-lts/2019/10/msg00081.html for more details
NOTE: waiting for feedback from upstream: https://github.com/Cacti/cacti/issues/2964
+ NOTE: 20190117: upstream answered positively. waiting for him to rework a few things
+ NOTE: before updating the tracker.
--
-freeimage
+freeimage (Hugo Lefeuvre)
NOTE: Maintainer will take care of the update.
NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
@@ -111,7 +113,10 @@ opendmarc (Thorsten Alteholz)
NOTE: 20191013: testing package
--
pam-python (Hugo Lefeuvre)
- NOTE: 20190927: Upstream appear to not have a distinct revision for this fix, using a single commit for the entire release which changes many things. (lamby)
+ NOTE: 20190927: Upstream appear to not have a distinct revision for this fix,
+ NOTE: using a single commit for the entire release which changes many things. (lamby)
+ NOTE: 20191017: opened bug report and asked Russell (both Debian maintainer & upstream)
+ NOTE: for more information.
--
polarssl
--
=====================================
data/dsa-needed.txt
=====================================
@@ -21,7 +21,7 @@ curl (ghedo)
--
evince/oldstable
--
-freeimage
+freeimage (hle)
--
glusterfs/oldstable
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9230da06754e42eee20625be473660607c8b59f2...f8931f4d2d26ab44f5e16b42fea51b74db347fab
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9230da06754e42eee20625be473660607c8b59f2...f8931f4d2d26ab44f5e16b42fea51b74db347fab
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191017/e62a79d4/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list