Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: d0427b3a by Moritz Muehlenhoff at 2019-04-24T20:58:23Z buster triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -121,10 +121,11 @@ CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3 [jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later) NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112 CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...) - - atril <unfixed> (bug #927821) - - evince <unfixed> (bug #927820) + - atril <unfixed> (unimportant; bug #927821) + - evince <unfixed> (unimportant; bug #927820) NOTE: https://gitlab.gnome.org/GNOME/evince/issues/1129 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7 + NOTE: Negligible security impact CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...) - linux 3.11.7-1 NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b @@ -8370,21 +8371,19 @@ CVE-2019-8359 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...) NOT-FOR-US: Hiawatha CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...) - - sox <unfixed> (low) - [buster] - sox <no-dsa> (Minor issue) - [stretch] - sox <no-dsa> (Minor issue) + - sox <unfixed> (low; bug #927906) NOTE: https://sourceforge.net/p/sox/bugs/318 NOTE: https://sourceforge.net/p/sox/code/ci/2ce02fea7b350de9ddfbcf542ba4dd59a8ab255b/ CVE-2019-8356 (An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 ...) - - sox <unfixed> + - sox <unfixed> (bug #927906) NOTE: https://sourceforge.net/p/sox/bugs/321 NOTE: https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/ CVE-2019-8355 (An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integ ...) - - sox <unfixed> + - sox <unfixed> (bug #927906) NOTE: https://sourceforge.net/p/sox/bugs/320 NOTE: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/ CVE-2019-8354 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...) - - sox <unfixed> + - sox <unfixed> (bug #927906) NOTE: https://sourceforge.net/p/sox/bugs/319 NOTE: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/ CVE-2019-8353 @@ -90260,9 +90259,7 @@ CVE-2017-15234 CVE-2017-15233 RESERVED CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...) - - libjpeg-turbo <unfixed> (low; bug #878567) - [stretch] - libjpeg-turbo <ignored> (Minor issue) - [jessie] - libjpeg-turbo <no-dsa> (Minor issue) + - libjpeg-turbo <unfixed> (unimportant; bug #878567) - libjpeg6b <not-affected> (Vulnerable code not present) - libjpeg8 <not-affected> (Vulnerable code not present) - libjpeg9 <not-affected> (Vulnerable code not present) @@ -90271,6 +90268,7 @@ CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c NOTE: IJG libjpeg releases not affected, see https://lists.debian.org/debian-lts/2017/10/msg00061.html NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/073b0e88a192adebbb479ee2456beb089d8b5de7 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/5bc43c7821df982f65aa1c738f67fbf7cba8bd69 + NOTE: Crash in CLI tools, no security impact CVE-2017-15231 RESERVED CVE-2017-15230 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0427b3a6f83fcd238cab4ed17338d7c50440a8e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0427b3a6f83fcd238cab4ed17338d7c50440a8e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits