[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs will be fixed in future upload

Sat Sep 28 10:37:43 BST 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
829fb1de by Thorsten Alteholz at 2019-09-28T09:40:55Z
CVEs will be fixed in future upload

- - - - -
9150ef1b by Thorsten Alteholz at 2019-09-28T09:41:57Z
Reserve DLA-1934-1 for cimg

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -79776,35 +79776,30 @@ CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Desc
 CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
-	[jessie] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
-	[jessie] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
-	[jessie] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
-	[jessie] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
 CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
-	[jessie] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/185
 	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
@@ -79907,14 +79902,12 @@ CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in
 CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...)
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
-	[jessie] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/184
 	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
 CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
 	- cimg 2.3.6+dfsg-1 (low; bug #892780)
 	[stretch] - cimg <no-dsa> (Minor issue)
-	[jessie] - cimg <no-dsa> (Minor issue)
 	[wheezy] - cimg <no-dsa> (Minor issue)
 	NOTE: https://github.com/dtschump/CImg/issues/183
 	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Sep 2019] DLA-1934-1 cimg - security update
+	{CVE-2018-7588 CVE-2018-7589 CVE-2018-7637 CVE-2018-7638 CVE-2018-7639 CVE-2018-7640 CVE-2018-7641 CVE-2019-1010174}
+	[jessie] - cimg 1.5.9+dfsg-1+deb8u1
 [26 Sep 2019] DLA-1933-1 ruby-nokogiri - security update
 	{CVE-2019-5477}
 	[jessie] - ruby-nokogiri 1.6.3.1+ds-1+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -15,10 +15,6 @@ ampache
 --
 apache2 (Markus Koschany)
 --
-cimg (Thorsten Alteholz)
-  NOTE: inline function load_network_external is affected, variable filename
-  NOTE: 20190916: also taking care of no-dsa
---
 clamav
   NOTE: wait for definitive patch to be available, then upgrade to latest upstream
   NOTE: release (follow stretch changes) (hle)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/00ca70f4e12555ca1e415fd0048abfd67eb1896d...9150ef1b1158ffab893354e79dfda4092d54a8d2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/00ca70f4e12555ca1e415fd0048abfd67eb1896d...9150ef1b1158ffab893354e79dfda4092d54a8d2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190928/6df6cc6e/attachment-0001.html>
