[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-17371 as no-dsa for Jessie
Thorsten Alteholz
alteholz at debian.org
Fri Oct 18 11:17:59 BST 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4df2db6f by Thorsten Alteholz at 2019-10-18T10:19:15Z
mark CVE-2019-17371 as no-dsa for Jessie
- - - - -
df884cd4 by Thorsten Alteholz at 2019-10-18T10:19:55Z
no upload needed for libpng
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2939,6 +2939,7 @@ CVE-2019-17371 (libpng 1.6.37 has memory leaks in png_malloc_warn and png_create
[buster] - libpng1.6 <no-dsa> (Minor issue)
[stretch] - libpng1.6 <no-dsa> (Minor issue)
- libpng <removed>
+ [jessie] - libpng <no-dsa> (Minor issue)
NOTE: https://github.com/glennrp/libpng/issues/307
CVE-2019-17370 (OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheck ...)
NOT-FOR-US: OTCMS
=====================================
data/dla-needed.txt
=====================================
@@ -82,8 +82,6 @@ libmatio (Adrian Bunk)
--
libpcap (Abhijith PA)
--
-libpng (Thorsten Alteholz)
---
libqb
NOTE: 20190616: Upstream patch does not apply at all, but it appears that
NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/735bc21c9f3dc17c3a5bc40f1a4358cfe1c85c42...df884cd412157eb474bc2552d0c65436cbc0ea50
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/735bc21c9f3dc17c3a5bc40f1a4358cfe1c85c42...df884cd412157eb474bc2552d0c65436cbc0ea50
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191018/d790ee7a/attachment.html>
More information about the debian-security-tracker-commits
mailing list