Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ff9be23 by Moritz Muehlenhoff at 2019-05-22T21:27:37Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -135,22 +135,30 @@ CVE-2019-12223
        RESERVED
 CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        - libsdl2 <unfixed>
+       [stretch] - libsdl2 <no-dsa> (Minor issue)
        - libsdl1.2 <unfixed>
+       [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
        TODO: check details and correct vulnerability location
 CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        - libsdl2 <unfixed>
+       [stretch] - libsdl2 <no-dsa> (Minor issue)
        - libsdl1.2 <unfixed>
+       [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
        TODO: check details and correct vulnerability location
 CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        - libsdl2 <unfixed>
+       [stretch] - libsdl2 <no-dsa> (Minor issue)
        - libsdl1.2 <unfixed>
+       [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
        TODO: check details and correct vulnerability location
 CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        - libsdl2 <unfixed>
+       [stretch] - libsdl2 <no-dsa> (Minor issue)
        - libsdl1.2 <unfixed>
+       [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
        TODO: check details and correct vulnerability location
 CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
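
Review bot: All four entries in this hunk (CVE-2019-12222 down to CVE-2019-12219) are marked `[stretch] ... <no-dsa> (Minor issue)` while each still carries `TODO: check details and correct vulnerability location`. Either resolve the TODO first or add a NOTE saying what the minor classification is based on, so the triage decision can be checked later.
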
@@ -160,7 +168,9 @@ CVE-2019-12218 (An issue was discovered in libSDL2.a in 
Simple DirectMedia Layer
        TODO: check details and correct vulnerability location
 CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        - libsdl2 <unfixed>
+       [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl1.2 <unfixed>
+       [stretch] - libsdl2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
        TODO: check details and correct vulnerability location
 CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
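
Review bot: The two added `[stretch]` lines under CVE-2019-12217 are swapped relative to their package lines: `[stretch] - libsdl1.2 <no-dsa>` follows `- libsdl2 <unfixed>`, and `[stretch] - libsdl2 <no-dsa>` follows `- libsdl1.2 <unfixed>`. The neighbouring SDL entries in this commit pair each `[stretch]` line with the same package directly above it; reorder these two to match.
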
@@ -2265,10 +2275,13 @@ CVE-2019-11340 (util/emailutils.py in Matrix Sydent 
before 1.0.2 mishandles regi
        NOT-FOR-US: Matrix Sydent
 CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in 
FFmpeg 4.0 ...)
        - ffmpeg 7:4.1.3-1
+       [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+       - libav <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
 CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of 
duplicate ...)
        - ffmpeg 7:4.1.3-1
+       - libav <undetermined>
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
 CVE-2019-11337
        RESERVED
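
Review bot: `- libav <undetermined>` under CVE-2019-11338 records no reason or follow-up, whereas the libav line added for CVE-2019-11339 just above states `(Vulnerable code not present)`. A short TODO or NOTE saying what still needs checking for libav would keep the open item visible.
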
@@ -7008,14 +7021,15 @@ CVE-2019-9721 (A denial of service in the subtitle 
decoder in FFmpeg 4.1 allows
        - ffmpeg 7:4.1.3-1 (bug #926666)
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
+       - libav <undetermined>
 CVE-2019-9720
        RESERVED
 CVE-2019-9719
        RESERVED
 CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder 
allows atta ...)
        - ffmpeg 7:4.1.3-1 (low; bug #926666)
-       [stretch] - ffmpeg <postponed> (Wait until fixed in 3.2.x release)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
+       - libav <undetermined>
 CVE-2019-9717
        RESERVED
 CVE-2019-9716
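
Review bot: The two `- libav <undetermined>` lines, under CVE-2019-9721 and CVE-2019-9718, are appended after the NOTE lines instead of next to the `- ffmpeg` package line, unlike the CVE-2019-11338 entry in this same commit where the libav line sits before the NOTE. Move them up beside the other package lines so each entry keeps package status first and notes last.
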
@@ -12879,6 +12893,7 @@ CVE-2019-1000016 (FFMPEG version 4.1 contains a 
CWE-129: Improper Validation of
        - ffmpeg 7:4.1.1-1 (low; bug #922066)
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f
+       - libav <undetermined>
 CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a 
Cross Site S ...)
        NOT-FOR-US: Chamilo Chamilo-lms
 CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a 
Signing oracl ...)
@@ -22946,15 +22961,15 @@ CVE-2018-20407 (An issue was discovered in Bento4 
1.5.1-627. There is a memory l
        NOT-FOR-US: Bento4
 CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer 
overflow via a ...)
        {DLA-1663-1}
-       - python3.7 3.7.0-7
-       - python3.6 3.6.7~rc1-1
-       - python3.5 <removed>
-       [stretch] - python3.5 <no-dsa> (Minor issue)
-       - python3.4 <removed>
+       - python3.7 3.7.0-7 (unimportant)
+       - python3.6 3.6.7~rc1-1 (unimportant)
+       - python3.5 <removed> (unimportant)
+       - python3.4 <removed> (unimportant)
        NOTE: https://bugs.python.org/issue34656
        NOTE: 
https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd
 (master)
        NOTE: 
https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77
 (3.7)
        NOTE: 
https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc
 (3.6)
+       NOTE: Negligible security impact
 CVE-2018-20405 (BigTree 4.3 allows full path disclosure via authenticated 
admin/news/  ...)
        NOT-FOR-US: BigTree CMS
 CVE-2018-20404 (ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 
system  ...)
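
Review bot: The `NOTE: Negligible security impact` added to CVE-2018-20406 gives no reason for moving the python3.x lines to `(unimportant)`, and the entry still references {DLA-1663-1}. State in the NOTE why the integer overflow in Modules/_pickle.c is considered negligible, so the downgrade reads sensibly next to an existing advisory.
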
@@ -42283,8 +42298,8 @@ CVE-2018-15823
        RESERVED
 CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in 
FFmpeg throug ...)
        - ffmpeg 7:4.0.3-1 (low)
-       [stretch] - ffmpeg <postponed> (Minor issue, wait for next 3.2 release)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
+       - libav <undetermined>
 CVE-2018-15821
        RESERVED
 CVE-2018-15820
@@ -45520,7 +45535,6 @@ CVE-2018-1999012 (FFmpeg before commit 
9807d3976be0e92e4ece3b4b1701be894cd7c2e1
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e
 CVE-2018-1999011 (FFmpeg before commit 
2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ...)
        - ffmpeg 7:4.0.2-1
-       [stretch] - ffmpeg <postponed> (Minor issue, wait for next 3.2 release)
        - libav <removed>
        [jessie] - libav <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286
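
Review bot: Removing `[stretch] - ffmpeg <postponed> (Minor issue, wait for next 3.2 release)` from CVE-2018-1999011 leaves the entry with no stretch-specific line and nothing recording why; the commit message says only "stretch triage". If the intent is to handle this through the ffmpeg item in data/dsa-needed.txt ("ping upstream for 3.2.14 release"), say so in the commit message.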


=====================================
data/dsa-needed.txt
=====================================
@@ -23,6 +23,8 @@ faad2
 ffmpeg (jmm)
   ping upstream for 3.2.14 release catching up with recent issues  
 --
+freeimage
+--
 glusterfs
 --
 graphicsmagick
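
Review bot: The new `freeimage` item has no note under it, and none of the data/CVE/list hunks in this commit touch a freeimage entry, so the diff does not show which issue it tracks. A one-line note under the item, like the one under ffmpeg, would make that clear.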



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ff9be23909174bba25dcdba1126db05f360a2e7
