[Git][security-tracker-team/security-tracker][master] 2 commits: follow with no-dsa for open-cobol

Thorsten Alteholz alteholz at debian.org
Mon Sep 23 21:12:51 BST 2019 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84337554 by Thorsten Alteholz at 2019-09-23T20:17:38Z
follow with no-dsa for open-cobol

- - - - -
fd0eb4ff by Thorsten Alteholz at 2019-09-23T20:17:39Z
mark CVE-2019-16058 as no-dsa for Jessie and add NOTE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -769,12 +769,14 @@ CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_na
 	[buster] - gnucobol <no-dsa> (Minor issue)
 	- open-cobol <removed>
 	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/587/
 CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...)
 	- gnucobol <unfixed> (bug #940949)
 	[buster] - gnucobol <no-dsa> (Minor issue)
 	- open-cobol <removed>
 	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/586/
 CVE-2019-16390
 	RESERVED
@@ -1797,7 +1799,9 @@ CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0
 	- pam-p11 <unfixed> (bug #939664)
 	[buster] - pam-p11 <no-dsa> (Minor issue)
 	[stretch] - pam-p11 <no-dsa> (Minor issue)
+	[jessie] - pam-p11 <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
+	NOTE: PKCS11_sign() is used in Jessie and Stretch and has a similar problem as EVP_SignFinal() everywhere else
 CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...)
 	NOT-FOR-US: D-Link
 CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f3e744b7187b66522e71194950322da6eb53472c...fd0eb4ff0f9465e0b350aab89aac2ebf1bc7c7f4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f3e744b7187b66522e71194950322da6eb53472c...fd0eb4ff0f9465e0b350aab89aac2ebf1bc7c7f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190923/d6b088f8/attachment.html>

More information about the debian-security-tracker-commits mailing list