[Git][security-tracker-team/security-tracker][master] 3 commits: dla-needed: update cacti and pam-python notes

[Hugo Lefeuvre]

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7dfe49f8 by Hugo Lefeuvre at 2019-10-17T11:45:39Z
dla-needed: update cacti and pam-python notes

claim freeimage

- - - - -
0c972428 by Hugo Lefeuvre at 2019-10-17T11:45:40Z
add Debian bug for CVE-2019-16729

- - - - -
f8931f4d by Hugo Lefeuvre at 2019-10-17T11:45:40Z
dsa-needed: claim freeimage

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2408,7 +2408,7 @@ CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account
 CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
 	NOT-FOR-US: Home Assistant
 CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default enviro ...)
-	- pam-python 1.0.7-1
+	- pam-python 1.0.7-1 (bug #942514)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
 	NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
 CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...)


=====================================
data/dla-needed.txt
=====================================
@@ -20,8 +20,10 @@ cacti (Hugo Lefeuvre)
   NOTE: 20191016: jessie and stretch don't seem to be affected, see
   NOTE: https://lists.debian.org/debian-lts/2019/10/msg00081.html for more details
   NOTE: waiting for feedback from upstream: https://github.com/Cacti/cacti/issues/2964
+  NOTE: 20190117: upstream answered positively. waiting for him to rework a few things
+  NOTE: before updating the tracker.
 --
-freeimage
+freeimage (Hugo Lefeuvre)
   NOTE: Maintainer will take care of the update.
   NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
   NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
@@ -111,7 +113,10 @@ opendmarc (Thorsten Alteholz)
   NOTE: 20191013: testing package
 --
 pam-python (Hugo Lefeuvre)
-  NOTE: 20190927: Upstream appear to not have a distinct revision for this fix, using a single commit for the entire release which changes many things. (lamby)
+  NOTE: 20190927: Upstream appear to not have a distinct revision for this fix,
+  NOTE: using a single commit for the entire release which changes many things. (lamby)
+  NOTE: 20191017: opened bug report and asked Russell (both Debian maintainer & upstream)
+  NOTE: for more information.
 --
 polarssl
 --


=====================================
data/dsa-needed.txt
=====================================
@@ -21,7 +21,7 @@ curl (ghedo)
 --
 evince/oldstable
 --
-freeimage
+freeimage (hle)
 --
 glusterfs/oldstable
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9230da06754e42eee20625be473660607c8b59f2...f8931f4d2d26ab44f5e16b42fea51b74db347fab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9230da06754e42eee20625be473660607c8b59f2...f8931f4d2d26ab44f5e16b42fea51b74db347fab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191017/e62a79d4/attachment-0001.html>