Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
915804fa by Moritz Muehlenhoff at 2019-01-21T22:12:23Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -928,11 +928,12 @@ CVE-2019-6134
        RESERVED
 CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" 
protection mechanism ...)
        - policykit-1 0.105-25 (bug #918985)
+       [stretch] - policykit-1 <no-dsa> (Minor issue, kernel mitigation will 
land in next 4.9.x rebase)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
        NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
        NOTE: 
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
        NOTE: Issue can be mitigated in kernel with
-       NOTE: 
https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
+       NOTE: 
https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf (landed 
in 4.9.150)
 CVE-2019-6132 (An issue was discovered in Bento4 v1.5.1-627. There is a memory 
leak in ...)
        NOT-FOR-US: Bento4
 CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with 
stack ...)
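
Review bot: The added `[stretch]` line for CVE-2019-6133 justifies no-dsa with a kernel mitigation that "will land in next 4.9.x rebase", while the NOTE changed in the same hunk already records it as "landed in 4.9.150". The future-tense reason will go stale once the stretch kernel is rebased, and a reader cannot tell from it which kernel version carries the mitigation. Suggest tying the reason to the version, for example "Minor issue, mitigated by kernel change in 4.9.150", so the policykit-1 entry stays accurate without a follow-up edit.
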
@@ -6966,7 +6967,8 @@ CVE-2018-20550
        RESERVED
 CVE-2018-20549 (There is an illegal WRITE memory access at caca/file.c 
(function ...)
        {DLA-1631-1}
-       - libcaca <unfixed> (bug #917807)
+       - libcaca <unfixed> (low; bug #917807)
+       [stretch] - libcaca <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652628
        NOTE: https://github.com/cacalabs/libcaca/issues/41
        NOTE: Fixed by: 
https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
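
Review bot: CVE-2018-20549 is described as an illegal WRITE memory access, but the added `[stretch]` line gives only "Minor issue" as the no-dsa reason and the unstable line is downgraded to `low` without explanation. Since the entry already lists a "Fixed by" commit and a DLA, a short NOTE saying why the write is considered minor would let a later reader check the triage decision instead of having to redo it.
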
@@ -6979,13 +6981,15 @@ CVE-2018-20548 (There is an illegal WRITE memory access 
at common-image.c (funct
        NOTE: Debian binary packages built with the Imlib2 library
 CVE-2018-20547 (There is an illegal READ memory access at caca/dither.c 
(function ...)
        {DLA-1631-1}
-       - libcaca <unfixed> (bug #917807)
+       - libcaca <unfixed> (low; bug #917807)
+       [stretch] - libcaca <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652624
        NOTE: https://github.com/cacalabs/libcaca/issues/39
        NOTE: Fixed by: 
https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
 CVE-2018-20546 (There is an illegal READ memory access at caca/dither.c 
(function ...)
        {DLA-1631-1}
-       - libcaca <unfixed> (bug #917807)
+       - libcaca <unfixed> (low; bug #917807)
+       [stretch] - libcaca <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652622
        NOTE: https://github.com/cacalabs/libcaca/issues/38
        NOTE: Fixed by: 
https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
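
Review bot: The identical `low` and `[stretch] <no-dsa>` lines added to CVE-2018-20547 and CVE-2018-20546 do not mention that both entries name the same upstream commit in their "Fixed by" notes. A NOTE saying that one upload with that commit resolves both would help whoever picks these up for a stretch point release, since no-dsa entries are otherwise easy to overlook.
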
@@ -6998,7 +7002,8 @@ CVE-2018-20545 (There is an illegal WRITE memory access 
at common-image.c (funct
        NOTE: Debian binary packages built with the Imlib2 library
 CVE-2018-20544 (There is floating point exception at caca/dither.c (function 
...)
        {DLA-1631-1}
-       - libcaca <unfixed> (bug #917807)
+       - libcaca <unfixed> (low; bug #917807)
+       [stretch] - libcaca <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652627
        NOTE: https://github.com/cacalabs/libcaca/issues/36
        NOTE: Upstream fix: 
https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c


=====================================
data/dsa-needed.txt
=====================================
@@ -40,6 +40,8 @@ mbedtls
 --
 mercurial
 --
+openjdk-8 (jmm)
+--
 openjpeg2 (luciano)
 --
 openssh (corsac)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/915804fa12a0bde55db368b16581bbd89fe40adb
