Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d0427b3a by Moritz Muehlenhoff at 2019-04-24T20:58:23Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,10 +121,11 @@ CVE-2019-11460 (An issue was discovered in GNOME
gnome-desktop 3.26, 3.28, and 3
[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded
gnome-desktop thumbnail script introduced later)
NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail()
functions ...)
- - atril <unfixed> (bug #927821)
- - evince <unfixed> (bug #927820)
+ - atril <unfixed> (unimportant; bug #927821)
+ - evince <unfixed> (unimportant; bug #927820)
NOTE: https://gitlab.gnome.org/GNOME/evince/issues/1129
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7
+ NOTE: Negligible security impact
CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux
kernel befo ...)
- linux 3.11.7-1
NOTE: Fixed by:
https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
@@ -8370,21 +8371,19 @@ CVE-2019-8359
CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do
directory t ...)
NOT-FOR-US: Hiawatha
CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in
effect_i_dsp.c ...)
- - sox <unfixed> (low)
- [buster] - sox <no-dsa> (Minor issue)
- [stretch] - sox <no-dsa> (Minor issue)
+ - sox <unfixed> (low; bug #927906)
NOTE: https://sourceforge.net/p/sox/bugs/318
NOTE:
https://sourceforge.net/p/sox/code/ci/2ce02fea7b350de9ddfbcf542ba4dd59a8ab255b/
CVE-2019-8356 (An issue was discovered in SoX 14.4.2. One of the arguments to
bitrv2 ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #927906)
NOTE: https://sourceforge.net/p/sox/bugs/321
NOTE:
https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/
CVE-2019-8355 (An issue was discovered in SoX 14.4.2. In xmalloc.h, there is
an integ ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #927906)
NOTE: https://sourceforge.net/p/sox/bugs/320
NOTE:
https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
CVE-2019-8354 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in
effect_i_dsp.c ...)
- - sox <unfixed>
+ - sox <unfixed> (bug #927906)
NOTE: https://sourceforge.net/p/sox/bugs/319
NOTE:
https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
CVE-2019-8353
@@ -90260,9 +90259,7 @@ CVE-2017-15234
CVE-2017-15233
RESERVED
CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in
jdpostct.c and j ...)
- - libjpeg-turbo <unfixed> (low; bug #878567)
- [stretch] - libjpeg-turbo <ignored> (Minor issue)
- [jessie] - libjpeg-turbo <no-dsa> (Minor issue)
+ - libjpeg-turbo <unfixed> (unimportant; bug #878567)
- libjpeg6b <not-affected> (Vulnerable code not present)
- libjpeg8 <not-affected> (Vulnerable code not present)
- libjpeg9 <not-affected> (Vulnerable code not present)
@@ -90271,6 +90268,7 @@ CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer
Dereference in jdpostct.c
NOTE: IJG libjpeg releases not affected, see
https://lists.debian.org/debian-lts/2017/10/msg00061.html
NOTE:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/073b0e88a192adebbb479ee2456beb089d8b5de7
NOTE:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/5bc43c7821df982f65aa1c738f67fbf7cba8bd69
+ NOTE: Crash in CLI tools, no security impact
CVE-2017-15231
RESERVED
CVE-2017-15230
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0427b3a6f83fcd238cab4ed17338d7c50440a8e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0427b3a6f83fcd238cab4ed17338d7c50440a8e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
