[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2019-16792 as no-dsa for jessie

Thu Jan 23 14:49:06 GMT 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bb9592c by Thorsten Alteholz at 2020-01-23T15:29:45+01:00
mark CVE-2019-16792 as no-dsa for jessie

- - - - -
c35c8bdf by Thorsten Alteholz at 2020-01-23T15:37:20+01:00
mark CVE-2019-20388 as no-dsa for jessie

- - - - -
cec30522 by Thorsten Alteholz at 2020-01-23T15:39:08+01:00
mark CVE-2020-7595 as no-dsa for jessie

- - - - -
16f06f1c by Thorsten Alteholz at 2020-01-23T15:42:31+01:00
add libsolv

- - - - -
88a83625 by Thorsten Alteholz at 2020-01-23T15:45:56+01:00
mark CVE-2019-18932 as no-dsa for jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -691,6 +691,7 @@ CVE-2020-7596
 	RESERVED
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
 	- libxml2 <unfixed> (bug #949582)
+	[jessie] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
 CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
 	NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices
@@ -944,6 +945,7 @@ CVE-2019-20389
 	RESERVED
 CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
 	- libxml2 <unfixed> (bug #949583)
+	[jessie] - libxml2 <no-dsa> (Minor issue)
 	NOTE: Proposed merge request: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
 CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
 	- libsolv <unfixed> (bug #949611)
@@ -16540,6 +16542,7 @@ CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in th
 	NOT-FOR-US: Zulip
 CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows  ...)
 	- sarg <unfixed>
+	[jessie] - sarg <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6
 	NOTE: The sarg-reports as shipped in Debian has already safe use of mktemp for
 	NOTE: use of temporary files and directories.
@@ -25273,6 +25276,7 @@ CVE-2019-16792 (Waitress through version 1.3.1 allows request smuggling by sendi
 	- waitress 1.4.1-1
 	[buster] - waitress <no-dsa> (Minor issue)
 	[stretch] - waitress <no-dsa> (Minor issue)
+	[jessie] - waitress <no-dsa> (Minor issue)
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
 	NOTE: https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
 CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can receive incorr ...)


=====================================
data/dla-needed.txt
=====================================
@@ -64,6 +64,9 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20200112: work is ongoing
 --
+libsolv
+  NOTE: 20200123: Mike is maintainer
+--
 libxmlrpc3-java (Markus Koschany)
 --
 linux (Ben Hutchings)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/84ace8306da15c48b009020db8a113f4287ff2d2...88a8362591be3b6dc178bc1dcf8766a89544b319

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/84ace8306da15c48b009020db8a113f4287ff2d2...88a8362591be3b6dc178bc1dcf8766a89544b319
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200123/3fd09bc8/attachment.html>
