[Git][security-tracker-team/security-tracker][master] 2 commits: some DLAs will be fixed in next upload

Thorsten Alteholz alteholz at debian.org
Sat Oct 26 22:30:35 BST 2019



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22d61e17 by Thorsten Alteholz at 2019-10-26T21:30:40Z
some DLAs will be fixed in next upload

- - - - -
d675f98b by Thorsten Alteholz at 2019-10-26T21:31:31Z
Reserve DLA-1972-1 for mosquitto

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -71532,13 +71532,11 @@ CVE-2018-12552
 CVE-2018-12551 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured  ...)
 	{DSA-4388-1}
 	- mosquitto 1.5.6-1 (bug #921976)
-	[jessie] - mosquitto <postponed> (Minor issue)
 	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
 	NOTE: https://mosquitto.org/files/cve/2018-12551
 CVE-2018-12550 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured  ...)
 	{DSA-4388-1}
 	- mosquitto 1.5.6-1 (bug #921976)
-	[jessie] - mosquitto <postponed> (Minor issue)
 	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
 	NOTE: https://mosquitto.org/files/cve/2018-12550
 CVE-2018-12549 (In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrec ...)
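Review bot: The commit subject "some DLAs will be fixed in next upload" does not match the two removed `[jessie] - mosquitto <postponed> (Minor issue)` lines, which sit under CVE-2018-12551 and CVE-2018-12550: it is CVEs, not DLAs, that stop being postponed, and a subject worded that way would be easier to find in the history. After the removal neither entry carries any jessie line, so the jessie status of both rests entirely on the DLA-1972-1 record added to data/DLA/list in the following commit.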
@@ -136720,7 +136718,6 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurat
 CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...)
 	- mosquitto 1.5.4-1 (low)
 	[stretch] - mosquitto <no-dsa> (Minor issue)
-	[jessie] - mosquitto <postponed> (Minor issue)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
 	NOTE: https://github.com/eclipse/mosquitto/commit/79a7b36d207c9142468a7ea33695a14181a9fd24
 CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability w ...)
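Review bot: With the jessie line removed, CVE-2017-7655 keeps `[stretch] - mosquitto <no-dsa> (Minor issue)` while DLA-1972-1 lists the same CVE as fixed for jessie in 1.3.4-2+deb8u4. The older release ends up fixed and stretch stays tagged no-dsa; it is worth confirming that the stretch triage is still intended, or noting the issue for a later stretch update.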


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Oct 2019] DLA-1972-1 mosquitto - security update
+	{CVE-2017-7655 CVE-2018-12550 CVE-2018-12551 CVE-2019-11779}
+	[jessie] - mosquitto 1.3.4-2+deb8u4
 [26 Oct 2019] DLA-1971-1 libarchive - security update
 	{CVE-2019-18408}
 	[jessie] - libarchive 3.1.2-11+deb8u8
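Review bot: CVE-2019-11779 is in the CVE set on the `{...}` line, but no data/CVE/list hunk in this push touches its entry, unlike the other three CVEs whose `<postponed>` jessie lines were removed. Please check that CVE-2019-11779 has no leftover `[jessie] - mosquitto` triage line that would conflict with the 1.3.4-2+deb8u4 fix recorded here.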


=====================================
data/dla-needed.txt
=====================================
@@ -82,8 +82,6 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
-mosquitto (Thorsten Alteholz)
---
 nghttp2
   NOTE: 20190930: nghttp2 in jessie is likely not affected by CVE-2019-95{11,13}.
   NOTE: 20190930: waiting for feedback from Thorsten and Abhijith as they put



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/646b42dbdc7fc76adfd1511fdface04a8d2e96c6...d675f98be85e5f1eb4b46167bc35cfd189924980
