[Git][security-tracker-team/security-tracker][master] 6 commits: add file-roller

Thorsten Alteholz alteholz at debian.org
Thu Sep 26 08:44:21 BST 2019



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b06c3ea5 by Thorsten Alteholz at 2019-09-26T07:06:28Z
add file-roller

- - - - -
775aba4d by Thorsten Alteholz at 2019-09-26T07:06:57Z
new poppler issue appeared

- - - - -
a93e96e4 by Thorsten Alteholz at 2019-09-26T07:33:07Z
mark CVE-2019-2389 as no-dsa for jessie

- - - - -
8ac95d0c by Thorsten Alteholz at 2019-09-26T07:35:00Z
mark CVE-2019-15941 as not-affected for jessie

- - - - -
e41c6600 by Thorsten Alteholz at 2019-09-26T07:45:20Z
mark CVE-2019-15699 as not-affected for jessie

- - - - -
378378c8 by Thorsten Alteholz at 2019-09-26T07:48:31Z
mark CVE-2019-16411 and CVE-2019-16410 as no-dsa for jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1157,11 +1157,13 @@ CVE-2019-16411 (An issue was discovered in Suricata 4.1.4. By sending multiple I
 	- suricata 1:4.1.5-1 (low)
 	[buster] - suricata <no-dsa> (Minor issue)
 	[stretch] - suricata <no-dsa> (Minor issue)
+	[jessie] - suricata <no-dsa> (Minor issue)
 	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple fragmen ...)
 	- suricata 1:4.1.5-1 (low)
 	[buster] - suricata <no-dsa> (Minor issue)
 	[stretch] - suricata <no-dsa> (Minor issue)
+	[jessie] - suricata <no-dsa> (Minor issue)
 	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-16409
 	RESERVED
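Review bot: the two added [jessie] lines for CVE-2019-16411 and CVE-2019-16410 copy the "Minor issue" reason from buster and stretch without recording that the jessie suricata version was checked and found to contain the affected code. CVE-2019-15699, which carries the same 4.1.5 release NOTE, is marked <not-affected> for jessie in this same push, so a short NOTE saying what was verified for jessie would make the two different outcomes auditable.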
@@ -2489,6 +2491,7 @@ CVE-2019-15941 [oidc authorization codes are not tied to their RP]
 	RESERVED
 	- lemonldap-ng 2.0.6+ds-1
 	[stretch] - lemonldap-ng <ignored> (Restrictions on OIDC federation added in 2.0)
+	[jessie] - lemonldap-ng <not-affected> (Vulnerable code introduced later)
 	NOTE: Vulnerability exists pre-2.0 versions, but as restrictions on OIDC federation
 	NOTE: were added only in 2.0 the vulnerability has no effect. The vulnerability
 	NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC before)
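Review bot: the added [jessie] line gives "Vulnerable code introduced later" but does not name the jessie version it relies on. The existing NOTE puts the boundary at 1.9.0 ("exists only with versions >= 1.9.0"), so the claim holds only if jessie ships something older. Stating that version in the reason or in a NOTE would let a reader confirm it without looking up the package.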
@@ -3210,6 +3213,7 @@ CVE-2019-15699 (An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Up
 	- suricata 1:4.1.5-1 (low)
 	[buster] - suricata <no-dsa> (Minor issue)
 	[stretch] - suricata <no-dsa> (Minor issue)
+	[jessie] - suricata <not-affected> (Vulnerable code introduced later)
 	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...)
 	NOT-FOR-US: Octopus Deploy
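Review bot: the <not-affected> reason on the added [jessie] line for CVE-2019-15699 is not backed by any reference. The only NOTE is the 4.1.5 release announcement, which does not show when the affected code in app-layer-ssl.c was introduced. A NOTE naming the introducing upstream commit or version would make "Vulnerable code introduced later" checkable.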
@@ -41875,6 +41879,7 @@ CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can cr
 CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
 	- mongodb <unfixed> (low)
 	[stretch] - mongodb <ignored> (Minor issue)
+	[jessie] - mongodb <ignored> (Minor issue)
 CVE-2019-2388
 	RESERVED
 CVE-2019-2387
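Review bot: the added line `[jessie] - mongodb <ignored> (Minor issue)` does not match the commit message for a93e96e4, which says CVE-2019-2389 is marked no-dsa for jessie. <ignored> and <no-dsa> are distinct tags in this file (the suricata entries use <no-dsa>), so either the line should use <no-dsa> or the commit message should say ignored. The stretch line directly above already uses <ignored>, which suggests the message is the part to correct.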


=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,8 @@ clamav
 --
 e2fsprogs (Thorsten Alteholz)
 --
+file-roller
+--
 freeimage
   NOTE: Maintainer will take care of the update.
   NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
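Review bot: the new file-roller entry has neither a NOTE nor a claimant, and the commit message ("add file-roller") does not name the issue either, so nothing here says which CVE put the package on the list. A one-line NOTE with the CVE id, in the style of the radare2 entry further down, would save the next person a lookup.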
@@ -108,6 +110,8 @@ openjpeg2
 --
 pam-python
 --
+poppler (Thorsten Alteholz)
+--
 radare2
   NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
   NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch.
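Review bot: the poppler entry is claimed, but the "new poppler issue" from the commit message for 775aba4d is not identified anywhere in the added lines. Consider a dated NOTE under `poppler (Thorsten Alteholz)` naming the CVE, so the entry can be matched against data/CVE/list when the DLA is released.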



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/21b8328b5cfb7024f2e1e3800339f5eb0124b0b1...378378c81c9a10eb4c9c7010d8e144cb19d3978c
