Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de6118ef by Moritz Muehlenhoff at 2019-10-01T10:17:24Z
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1967,7 +1967,9 @@ CVE-2019-16276 (Go before 1.12.10 and 1.13.x before
1.13.1 allow HTTP Request Sm
- golang-1.12 1.12.10-1 (bug #941173)
- golang-1.11 <removed>
- golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
NOTE:
https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q
NOTE: https://golang.org/issue/34540
@@ -3990,6 +3992,7 @@ CVE-2019-15552 (An issue was discovered in the libflate
crate before 0.1.25 for
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html
CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10
for Rust. ...)
- rust-smallvec 0.6.10-1
+ [buster] - rust-smallvec <no-dsa> (Minor issue)
NOTE: https://github.com/servo/rust-smallvec/issues/148
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html
CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15
for Rust. ...)
@@ -19951,6 +19954,7 @@ CVE-2019-10224 [using dscreate in verbose mode results
in information disclosure
[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
- python-lib389 <removed>
+ [stretch] - python-lib389 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677147
NOTE: https://pagure.io/389-ds-base/issue/50251
NOTE:
https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
@@ -22389,9 +22393,9 @@ CVE-2019-9741 (An issue was discovered in net/http in
Go 1.11.5. CRLF injection
- golang-1.12 1.12-1
- golang-1.11 1.11.6-1 (bug #924630)
- golang-1.8 <removed>
- [stretch] - golang-1.8 <postponed> (Minor issue, can be fixed along in
future DSA)
+ [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <postponed> (Minor issue, can be fixed along in
future DSA)
+ [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
NOTE: https://github.com/golang/go/issues/30794
NOTE:
https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
@@ -23057,7 +23061,9 @@ CVE-2019-9514 (Some HTTP/2 implementations are
vulnerable to a reset flood, pote
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
- golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
@@ -23095,7 +23101,9 @@ CVE-2019-9512 (Some HTTP/2 implementations are
vulnerable to ping floods, potent
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
- golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de6118ef838589de05f9f606c90e66ef47d91ede
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de6118ef838589de05f9f606c90e66ef47d91ede
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
