[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2019-19344 does not affect samba in jessie

Sun Jan 26 21:45:58 GMT 2020


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aba89204 by Roberto C. Sánchez at 2020-01-26T16:44:00-05:00
CVE-2019-19344 does not affect samba in jessie

- - - - -
1f2a3d7e by Roberto C. Sánchez at 2020-01-26T16:44:04-05:00
Mark CVE-2019-14902, CVE-2019-14907 as minor for samba in jessie

- - - - -
895c9653 by Roberto C. Sánchez at 2020-01-26T16:45:03-05:00
LTS/remove samba from dla-needed.txt, no open issues remain

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -15627,6 +15627,7 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo
 	- samba <unfixed>
 	[buster] - samba <no-dsa> (Minor issue)
 	[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
+	[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
 CVE-2019-19343
 	RESERVED
@@ -31172,6 +31173,7 @@ CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 an
 	- samba <unfixed>
 	[buster] - samba <no-dsa> (Minor issue)
 	[stretch] - samba <no-dsa> (Minor issue)
+	[jessie] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
 CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...)
 	NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of CVE-2019-13616 in RHEL 7
@@ -31195,6 +31197,7 @@ CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, al
 	- samba <unfixed>
 	[buster] - samba <no-dsa> (Minor issue)
 	[stretch] - samba <no-dsa> (Minor issue)
+	[jessie] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
 CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...)
 	{DLA-2068-1}


=====================================
data/dla-needed.txt
=====================================
@@ -109,8 +109,6 @@ salt
   NOTE: 20200118: very similar code passage in salt/jessie's salt/client/api.py file.
   NOTE: 20200118: Needs to be checked, if that code is vulnerable or not.
 --
-samba (Roberto C. Sánchez)
---
 slurm-llnl
   NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
   NOTE: Regression found. (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd50b28f529fa932eabf5b6c0eb2d200ab919ff6...895c965340ffe535f215ea1426356581ab56c52b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd50b28f529fa932eabf5b6c0eb2d200ab919ff6...895c965340ffe535f215ea1426356581ab56c52b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200126/80076cd9/attachment.html>
