[Git][security-tracker-team/security-tracker][master] 2 commits: Update status of squid3 and imagemagick in dla-needed.txt

Mon Jun 22 09:00:48 BST 2020


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1ce3d59 by Markus Koschany at 2020-06-22T09:59:01+02:00
Update status of squid3 and imagemagick in dla-needed.txt

- - - - -
155aade8 by Markus Koschany at 2020-06-22T10:00:17+02:00
CVE-2019-18679,squid3: Correct link to upstream patch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -39335,7 +39335,7 @@ CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8.
 	{DSA-4682-1 DLA-2028-1}
 	- squid 4.9-1
 	- squid3 <removed>
-	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
+	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6f2841090dffbec1a2b2417e18bb3dc71d62dd2e.patch
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
 CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...)
 	{DSA-4682-1 DLA-2028-1}


=====================================
data/dla-needed.txt
=====================================
@@ -53,6 +53,7 @@ freerdp
 glib-networking
 --
 imagemagick (Markus Koschany)
+  NOTE: 20200622: Ongoing work
 --
 libdatetime-timezone-perl
   NOTE: 20200514: LTS update must wait on oldstable update first (via point release) to prevent newer version in LTS (roberto)
@@ -114,9 +115,9 @@ qemu (Adrian Bunk)
 sqlite3 (Abhijith PA)
   NOTE: 20200620: WIP (abhijith)
 --
-squid3
-  NOTE: 20200531: Ongoing work on squid3 in Stretch which will be used for Jessie
-  NOTE: 20200531: and Stretch. (apo)
+squid3 (Markus Koschany)
+  NOTE: 20200622: https://people.debian.org/~apo/lts/squid3/
+  NOTE: 20200622: Patch for CVE-2019-12523 almost complete.
 --
 sympa
   NOTE: 20200525: Incomplete patch. Not the complete patch is made public. (utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37eb2a38468547b9f4cd3f45543076f28f5cc9d9...155aade8fddf7f5db0a87c52d66d8e2b3837bfbe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37eb2a38468547b9f4cd3f45543076f28f5cc9d9...155aade8fddf7f5db0a87c52d66d8e2b3837bfbe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200622/21dd1fe1/attachment-0001.html>
