[Git][security-tracker-team/security-tracker][master] Track proposed updates for batik via {stretch,buster}-pu

Emilio Pozuelo Monfort pochu at debian.org
Fri Jul 10 18:44:23 BST 2020 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4aa4229f by Emilio Pozuelo Monfort at 2020-07-10T19:43:05+02:00
Track proposed updates for batik via {stretch,buster}-pu

- - - - -


4 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -45200,6 +45200,8 @@ CVE-2019-17567
 CVE-2019-17566 [SSRF vulnerability]
 	RESERVED
 	- batik <unfixed> (bug #964510)
+	[buster] - batik <no-dsa> (Minor issue, will be fixed via point update)
+	[stretch] - batik <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/2
 	NOTE: patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
 	NOTE: corresponding bug: https://issues.apache.org/jira/browse/BATIK-1276


=====================================
data/dla-needed.txt
=====================================
@@ -21,8 +21,6 @@ ansible
   NOTE: 20200508: bam: Upstream fix was reverted - https://github.com/ansible/ansible/pull/68983
   NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
 --
-batik (Emilio)
---
 cacti (Abhijith PA)
   NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith)
   NOTE: 20200620: WIP (abhijith)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -219,3 +219,5 @@ CVE-2019-1010006
 	[stretch] - atril 1.16.1-2+deb9u2
 CVE-2019-11459
 	[stretch] - atril 1.16.1-2+deb9u2
+CVE-2019-17566
+	[stretch] - batik 1.8-4+deb9u2


=====================================
data/next-point-update.txt
=====================================
@@ -178,3 +178,5 @@ CVE-2020-15393
 	[buster] - linux 4.19.131-1
 CVE-2018-20669
 	[buster] - linux 4.19.131-1
+CVE-2019-17566
+	[buster] - batik 1.10-2+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa4229f96f9ee33a1ad16c4d3e0724d4cf2477b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa4229f96f9ee33a1ad16c4d3e0724d4cf2477b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200710/e11e2197/attachment.html>

More information about the debian-security-tracker-commits mailing list