[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-19211/ncurses: revert <ignored>

Sylvain Beucler (@beuc) beuc at debian.org
Tue May 24 08:39:16 BST 2022 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ad2a5e5 by Sylvain Beucler at 2022-05-24T09:31:30+02:00
CVE-2018-19211/ncurses: revert <ignored>
as it was triaged that way following misunderstanding
cf. b63449c175b0744d9128deaf978587844fbaa439
and c885282feef1b73ed58d436ebb2e4e478a4b009a

- - - - -
bff1e4c4 by Sylvain Beucler at 2022-05-24T09:37:53+02:00
dla: add ncurses

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -239409,7 +239409,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe
 	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
 CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
 	- ncurses 6.1+20180210-3 (low)
-	[stretch] - ncurses <ignored> (Minor issue)
+	[stretch] - ncurses <postponed> (Minor issue)
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754


=====================================
data/dla-needed.txt
=====================================
@@ -159,6 +159,9 @@ modsecurity-crs
 mysql-connector-java (Markus Koschany)
   NOTE: 20220512: Requires a new upstream version. (apo)
 --
+ncurses
+  NOTE: 20220524: Harmonize with Debian 10.2 (2-3 CVEs + some non-CVE'd issues) (Beuc/front-desk)
+--
 ntfs-3g
   NOTE: 20220515: Please recheck. There are currently not enough information
   NOTE: available. (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c5ced46fd6811baaa33eb4ee98aed849307afe12...bff1e4c4f16a8a2a0269c94618f1e494b9aa911d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c5ced46fd6811baaa33eb4ee98aed849307afe12...bff1e4c4f16a8a2a0269c94618f1e494b9aa911d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220524/1bb69eb5/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list