[Git][security-tracker-team/security-tracker][master] 2 commits: patch available for liblouis, triage in LTS

[Antoine Beaupré]

Antoine Beaupré pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2e763e3 by Antoine Beaupré at 2018-05-30T11:38:44-04:00
patch available for liblouis, triage in LTS

- - - - -
81aa8758 by Antoine Beaupré at 2018-05-30T11:41:42-04:00
triage libpodofo out of lts

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -296,6 +296,7 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer 
Overflow in the function
        [stretch] - liblouis <no-dsa> (Minor issue)
        [jessie] - liblouis <no-dsa> (Minor issue)
        NOTE: https://github.com/liblouis/liblouis/issues/575
+       NOTE: 
https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
 CVE-2018-11439 [remote information disclosure via a crafted audio file in 
taglib 1.11.1]
        RESERVED
        - taglib <unfixed>
@@ -791,16 +792,19 @@ CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. 
The function ...)
        - libpodofo <unfixed> (low)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
+       [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575851
 CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function ...)
        - libpodofo <unfixed> (low)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
+       [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575502
 CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive 
...)
        - libpodofo <unfixed> (low)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
+       [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576174
 CVE-2018-11253
        RESERVED


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -29,6 +29,8 @@ libav (Hugo Lefeuvre)
   NOTE: 20180529: Help is welcome, feel free to mail Hugo. Still up-to-date. 
Help needed for CVE triage and patch development.
   NOTE: 20180529: Just contacted some of the CVE reporters to ask for the 
reproducers, CC-ed team ML.
 --
+liblouis
+--
 linux
 --
 ming (Hugo Lefeuvre)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c06d20ebb37e44ff8176e1956d4b949bcbbfab5e...81aa87586909eba76c2c2a289b2e6f6fc5776d43

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c06d20ebb37e44ff8176e1956d4b949bcbbfab5e...81aa87586909eba76c2c2a289b2e6f6fc5776d43
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits