[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2019-17455 as no-dsa for jessie

Thorsten Alteholz alteholz at debian.org
Fri Oct 25 22:36:47 BST 2019 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77528b1d by Thorsten Alteholz at 2019-10-25T21:32:56Z
mark CVE-2019-17455 as no-dsa for jessie

- - - - -
646a340a by Thorsten Alteholz at 2019-10-25T21:33:42Z
mark CVE-2019-18384 as no-dsa for jessie

- - - - -
5bfe8287 by Thorsten Alteholz at 2019-10-25T21:37:38Z
claim libarchive

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -204,6 +204,7 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17
 	- python2.7 <unfixed>
 	[buster] - python2.7 <not-affected> (Not exploitable, has CVE-2016-10739 fixed)
 	[stretch] - python2.7 <no-dsa> (Minor issue)
+	[jessie] - python2.7 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue38576
 CVE-2019-18347
 	RESERVED
@@ -3271,6 +3272,7 @@ CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAu
 	- libntlm <unfixed> (bug #942145)
 	[buster] - libntlm <no-dsa> (Minor issue)
 	[stretch] - libntlm <no-dsa> (Minor issue)
+	[jessie] - libntlm <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/jas/libntlm/issues/2
 CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...)
 	NOT-FOR-US: Bento4


=====================================
data/dla-needed.txt
=====================================
@@ -42,6 +42,8 @@ libapache2-mod-auth-openidc
   NOTE: 20191011: Upstream patch tightens validation but jessie does not appear
   NOTE: 20191011: to have any validation whatsoever on first glance. (lamby)
 --
+libarchive (Thorsten Alteholz)
+--
 libav
   NOTE: 20190831: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190831: 11 tagged as <no-dsa>. These issues have been triaged, no patch



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3808b342c99f2d174ec3b45f0c77b54dcee7673...5bfe828785d47b9f3736b3fba305353c62c67ab4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3808b342c99f2d174ec3b45f0c77b54dcee7673...5bfe828785d47b9f3736b3fba305353c62c67ab4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191025/1cb8313e/attachment.html>

More information about the debian-security-tracker-commits mailing list