[Git][security-tracker-team/security-tracker][master] CVE-2019-6438,CVE-2019-12838/slurm-llnl: reference patches, precise triage

Sylvain Beucler beuc at debian.org
Fri Mar 6 13:14:02 GMT 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cad2d9f9 by Sylvain Beucler at 2020-03-06T14:13:32+01:00
CVE-2019-6438,CVE-2019-12838/slurm-llnl: reference patches, precise triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44390,6 +44390,7 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allo
 	[jessie] - slurm-llnl <no-dsa> (Too intrusive to backport)
 	NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
+	NOTE: https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.debian.tar.xz (backport)
 CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
 	NOT-FOR-US: Java API in Generalitat de Catalunya accesuniversitat.gencat.cat
 CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker t ...)
@@ -62790,9 +62791,11 @@ CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL thr
 CVE-2019-6438 (SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bi ...)
 	- slurm-llnl 18.08.5.2-1 (low; bug #920997)
 	[stretch] - slurm-llnl 16.05.9-1+deb9u3
-	[jessie] - slurm-llnl <no-dsa> (Minor issue)
+	[jessie] - slurm-llnl <postponed> (Minor issue, 32-bit only)
 	NOTE: https://www.schedmd.com/news.php?id=213
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html
+	NOTE: https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda
+	NOTE: https://github.com/SchedMD/slurm/commit/a8159065d1a57d6eadf802efa6837ebf4e56f671
 CVE-2019-6437
 	RESERVED
 CVE-2019-6436



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cad2d9f93751cd837396320a5b5b93c38c73b9ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cad2d9f93751cd837396320a5b5b93c38c73b9ba
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200306/a237ffba/attachment.html>

More information about the debian-security-tracker-commits mailing list