[Git][security-tracker-team/security-tracker][master] thunderbird, lilypond, openexr DSAs

Sat Aug 29 18:27:29 BST 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f95756e4 by Moritz Muehlenhoff at 2020-08-29T19:26:59+02:00
thunderbird, lilypond, openexr DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -196440,7 +196440,6 @@ CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress fun
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
 	- openexr <unfixed> (bug #873885)
-	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
@@ -196448,7 +196447,6 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator fu
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in  ...)
 	- openexr <unfixed> (bug #873885)
-	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
@@ -196456,7 +196454,6 @@ CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill functio
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
 	- openexr <unfixed> (low; bug #873885)
-	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
@@ -196471,7 +196468,6 @@ CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits functi
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function  ...)
 	- openexr <unfixed> (bug #873885)
-	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,12 @@
+[29 Aug 2020] DSA-4756-1 lilypond - security update
+	{CVE-2020-17353}
+	[buster] - lilypond 2.19.81+really-2.18.2-13+deb10u1
+[29 Aug 2020] DSA-4755-1 openexr - security update
+	{CVE-2017-9111 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306}
+	[buster] - openexr 2.2.1-4.1+deb10u1
+[29 Aug 2020] DSA-4754-1 thunderbird - security update
+	{CVE-2020-15664 CVE-2020-15669}
+	[buster] - thunderbird 1:68.12.0-1~deb10u1
 [29 Aug 2020] DSA-4753-1 mupdf - security update
 	{CVE-2019-13290}
 	[buster] - mupdf 1.14.0+ds1-4+deb10u1


=====================================
data/dsa-needed.txt
=====================================
@@ -22,20 +22,14 @@ curl (ghedo)
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --
-lilypond (jmm)
---
 linux (carnil)
   Wait until more issues have piled up
 --
-openexr (jmm)
---
 rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --
 teeworlds (jmm)
 --
-thunderbird (jmm)
---
 xcftools
   Hugo proposed to work on this update
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f95756e4844fe46333dcdf72d25b48218654a395

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f95756e4844fe46333dcdf72d25b48218654a395
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200829/7f215989/attachment-0001.html>
