Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: de6118ef by Moritz Muehlenhoff at 2019-10-01T10:17:24Z buster/stretch triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1967,7 +1967,9 @@ CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Sm - golang-1.12 1.12.10-1 (bug #941173) - golang-1.11 <removed> - golang-1.8 <removed> + [stretch] - golang-1.8 <ignored> (Minor issue) - golang-1.7 <removed> + [stretch] - golang-1.7 <ignored> (Minor issue) - golang <removed> NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q NOTE: https://golang.org/issue/34540 @@ -3990,6 +3992,7 @@ CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...) - rust-smallvec 0.6.10-1 + [buster] - rust-smallvec <no-dsa> (Minor issue) NOTE: https://github.com/servo/rust-smallvec/issues/148 NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...) @@ -19951,6 +19954,7 @@ CVE-2019-10224 [using dscreate in verbose mode results in information disclosure [stretch] - 389-ds-base <not-affected> (vulnerable code not present) [jessie] - 389-ds-base <not-affected> (vulnerable code not present) - python-lib389 <removed> + [stretch] - python-lib389 <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677147 NOTE: https://pagure.io/389-ds-base/issue/50251 NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310 @@ -22389,9 +22393,9 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection - golang-1.12 1.12-1 - golang-1.11 1.11.6-1 (bug #924630) - golang-1.8 <removed> - [stretch] - golang-1.8 <postponed> (Minor issue, can be fixed along in future DSA) + [stretch] - golang-1.8 <ignored> (Minor issue) - golang-1.7 <removed> - [stretch] - golang-1.7 <postponed> (Minor issue, can be fixed along in future DSA) + [stretch] - golang-1.7 <ignored> (Minor issue) - golang <removed> NOTE: https://github.com/golang/go/issues/30794 NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9 @@ -23057,7 +23061,9 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote - golang-1.12 1.12.8-1 - golang-1.11 1.11.13-1 - golang-1.8 <removed> + [stretch] - golang-1.8 <ignored> (Minor issue) - golang-1.7 <removed> + [stretch] - golang-1.7 <ignored> (Minor issue) - golang <removed> [jessie] - golang <not-affected> (No HTTP2 support yet) - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1 @@ -23095,7 +23101,9 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent - golang-1.12 1.12.8-1 - golang-1.11 1.11.13-1 - golang-1.8 <removed> + [stretch] - golang-1.8 <ignored> (Minor issue) - golang-1.7 <removed> + [stretch] - golang-1.7 <ignored> (Minor issue) - golang <removed> [jessie] - golang <not-affected> (No HTTP2 support yet) - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de6118ef838589de05f9f606c90e66ef47d91ede -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de6118ef838589de05f9f606c90e66ef47d91ede You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits