[Git][security-tracker-team/security-tracker][master] 3 commits: Added fontforge to dla-needed.

Ola Lundqvist (@opal) opal at debian.org
Wed Mar 6 19:42:41 GMT 2024



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42024d4f by Ola Lundqvist at 2024-03-06T20:42:23+01:00
Added fontforge to dla-needed.

  Arbitrary command execution is tricky even if this is an "editor" application and
  you should not load untrusted files.

- - - - -
85dcb981 by Ola Lundqvist at 2024-03-06T20:42:25+01:00
Marked CVE-2019-9515 as minor issue for buster following bookworm decision.

- - - - -
e69488da by Ola Lundqvist at 2024-03-06T20:42:25+01:00
Added postgresql-11 to dla-needed.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -344479,6 +344479,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
 	- h2o 2.2.5+dfsg2-3 (bug #934886)
 	- rust-h2 0.3.24-1 (bug #1062667)
 	[bookworm] - rust-h2 <no-dsa> (Minor issue)
+	[buster] - rust-h2 <no-dsa> (Minor issue)
 	NOTE: Issue: https://github.com/golang/go/issues/33606
 	NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11)
 	NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12)
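
Review bot: the added `[buster] - rust-h2 <no-dsa> (Minor issue)` line sits under the entry that the hunk header identifies as CVE-2019-9514, while the commit message says CVE-2019-9515 was marked. Please confirm which entry was intended and either move the line or correct the commit message, so the tracker history matches the data.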


=====================================
data/dla-needed.txt
=====================================
@@ -102,6 +102,9 @@ edk2
 exiftags
   NOTE: 20240121: Added by Front-Desk (apo)
 --
+fontforge
+  NOTE: 20240306: Added by Front-Desk (opal)
+--
 freeimage
   NOTE: 20240121: Added by Front-Desk (apo)
 --
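
Review bot: the new fontforge entry records only who added it; the reasoning given in the commit message (arbitrary command execution, weighed against fontforge being an "editor" that should not load untrusted files) does not appear in dla-needed.txt. Consider adding a second NOTE line with that rationale and the CVE id(s) concerned, as the putty entry does for its backport remark, so whoever claims the package does not have to dig through the git log.
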
@@ -225,6 +228,9 @@ nvidia-graphics-drivers-legacy-390xx
   NOTE: 20240303: Added by Front-Desk (apo)
   NOTE: 20240303: See comment for nvidia-graphics-drivers.
 --
+postgresql-11
+  NOTE: 20240306: Added by Front-Desk (opal)
+--
 putty
   NOTE: 20231224: Added by Front-Desk (ta)
   NOTE: 20230104: massive code change against bullseye. May be better to backport bullseye (rouca)
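
Review bot: the postgresql-11 entry gives no indication of which issue triggered the addition, and the commit message has none either. A NOTE line naming the CVE id(s) or the upstream release to target would make the entry actionable for whoever picks it up.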



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0112cce0c6cf71931b7319a1dffb32e463f0fc06...e69488dacb99e1f4cd63a5b9bb1c8ca65f1197cc
