[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-19869: remove no-dsa (fixed in stretch-security)

Adrian Bunk bunk at debian.org
Mon Sep 28 05:51:34 BST 2020



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a88d514 by Adrian Bunk at 2020-09-28T07:10:58+03:00
CVE-2018-19869: remove no-dsa (fixed in stretch-security)

- - - - -
86dc958d by Adrian Bunk at 2020-09-28T07:29:19+03:00
Mark CVE-2019-3681 as no-dsa also for stretch

Already no-dsa in buster, and similar to CVE-2017-9274.

- - - - -
8099abaa by Adrian Bunk at 2020-09-28T07:50:07+03:00
dla: status update

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -108917,6 +108917,7 @@ CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1
 CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...)
 	- osc <unfixed> (bug #969999)
 	[buster] - osc <no-dsa> (Minor issue)
+	[stretch] - osc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
 	NOTE: https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 (0.169.0)
 CVE-2019-3680
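Review bot: The added `[stretch] - osc <no-dsa> (Minor issue)` line records only the generic reason, while the actual rationale (already no-dsa in buster, similar to CVE-2017-9274) lives only in the commit message. Consider adding a NOTE line under CVE-2019-3681 that references CVE-2017-9274, so a reader of data/CVE/list can see why an issue that is still `<unfixed>` (bug #969999) was triaged as minor for both releases.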
@@ -116123,7 +116124,6 @@ CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG ima
 	- qtsvg-opensource-src 5.11.3-2 (low)
 	[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
 	- qt4-x11 4:4.8.7+dfsg-18 (low)
-	[stretch] - qt4-x11 <no-dsa> (Minor issue)
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/234142/
 	NOTE: https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335
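Review bot: Removing `[stretch] - qt4-x11 <no-dsa> (Minor issue)` leaves the stretch status of qt4-x11 to be decided by the unstable version `4:4.8.7+dfsg-18`, and nothing in this hunk records the version that fixed it in stretch-security. Please confirm that the corresponding advisory entry lists CVE-2018-19869 with the fixed stretch version, otherwise stretch will be reported as vulnerable rather than fixed.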


=====================================
data/dla-needed.txt
=====================================
@@ -110,7 +110,7 @@ mumble
 --
 nss (Adrian Bunk)
   NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
-  NOTE: 20200914: new CVE for racoon (bunk)
+  NOTE: 20200928: testing fixed package (bunk)
 --
 open-build-service (Utkarsh Gupta)
   NOTE: 20200928: in touch with upstream - still figuring out the best way to backport. (utkarsh)
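Review bot: In the nss entry the 20200914 note is replaced rather than kept, so the entry loses its intermediate history, while the 20200706 note above it stays. If the removed note ("new CVE for racoon") was misfiled under nss, say so in the commit message, which currently reads only "dla: status update"; otherwise append the 20200928 note below it instead of overwriting.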
@@ -118,8 +118,6 @@ open-build-service (Utkarsh Gupta)
 opendmarc
   NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten)
 --
-osc (Adrian Bunk)
---
 packagekit
 --
 php-horde-trean (Mike Gabriel)
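Review bot: Dropping the `osc (Adrian Bunk)` entry depends on every open osc issue in stretch having been triaged, and the data/CVE/list hunk in this push shows only CVE-2019-3681 being marked `<no-dsa>` for stretch. It is worth confirming that no other osc CVE is still open for stretch (the commit message names CVE-2017-9274 as the comparable case) before the package leaves dla-needed.txt.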
@@ -219,4 +217,5 @@ xcftools
   NOTE: 20200605: Patch https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch (gladk)
 --
 zeromq3 (Adrian Bunk)
+  NOTE: 20200928: testing fixed package (bunk)
 --
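Review bot: The new zeromq3 note says "testing fixed package" without naming the CVE being fixed or where the candidate package or patch can be found. The xcftools note just above links its patch; doing the same here would let another contributor verify or pick up the work.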



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/638e7bf5e94c5ae36630e5faac43580a5bf56504...8099abaa6bcfa9d2f76257a60a6d1f16fe8daf8d
