[Git][security-tracker-team/security-tracker][master] 2 commits: follow security team and mark adplug CVEs as no-dsa

[Thorsten Alteholz]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eefebce9 by Thorsten Alteholz at 2019-09-16T14:04:28Z
follow security team and mark adplug CVEs as no-dsa

- - - - -
b905e78c by Thorsten Alteholz at 2019-09-16T14:04:49Z
only no-dsa issues for adplug

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3296,6 +3296,7 @@ CVE-2019-15151 (AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
 	- adplug <unfixed>
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
+	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/91
 CVE-2019-15150 (In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulner ...)
 	NOT-FOR-US: OAuth2 Client MediaWiki extension
@@ -4651,16 +4652,19 @@ CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoa
 	- adplug <unfixed>
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
+	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/90
 CVE-2019-14733 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::l ...)
 	- adplug <unfixed>
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
+	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/89
 CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::l ...)
 	- adplug <unfixed>
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
+	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/88
 CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
 	NOT-FOR-US: ZenTao CMS
@@ -4742,16 +4746,19 @@ CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::loa
 	- adplug <unfixed>
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
+	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/87
 CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in ...)
 	- adplug <unfixed>
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
+	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/86
 CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_ ...)
 	- adplug <unfixed>
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
+	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/85
 CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...)
 	- musl 1.1.23-2


=====================================
data/dla-needed.txt
=====================================
@@ -9,8 +9,6 @@ To pick an issue, simply add your name behind it. To learn more about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
---
-adplug
 --
 ampache
   NOTE: package only in Jessie



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7c276f89617ee6cd7e2a37478720be5f255e1810...b905e78c24b34b14b2559ac274347f1df3a33a9a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7c276f89617ee6cd7e2a37478720be5f255e1810...b905e78c24b34b14b2559ac274347f1df3a33a9a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190916/321f2246/attachment.html>