[Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: add ghostscript

Fri, 30 Aug 2019 03:45:56 -0700 


Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03d7e457 by Mike Gabriel at 2019-08-30T10:43:47Z
data/dla-needed.txt: add ghostscript

- - - - -
e558dc56 by Mike Gabriel at 2019-08-30T10:44:17Z
data/dla-needed.txt: add irssi.

- - - - -
da2286f9 by Mike Gabriel at 2019-08-30T10:44:48Z
data/CVE/list: Triage golang/jessie.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2959,6 +2959,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x 
before 1.12.8 mishandles
        - golang-1.8 <removed>
        - golang-1.7 <removed>
        - golang <removed>
+       [jessie] - golang <ignored> (Fix too invasive to backport, url.go file 
in jessie too far behind upstream)
        NOTE: Issue: https://github.com/golang/go/issues/29098
        NOTE: 
https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc 
(golang-1.11)
        NOTE: 
https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 
(golang-1.12)
@@ -19354,6 +19355,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are 
vulnerable to a reset flood, pote
        - golang-1.8 <removed>
        - golang-1.7 <removed>
        - golang <removed>
+       [jessie] - golang <not-affected> (No HTTP2 support yet)
        - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
        - nodejs <unfixed> (bug #934885)
        [stretch] - nodejs <not-affected> (No HTTP2 support yet)
@@ -19390,6 +19392,7 @@ CVE-2019-9512 (Some HTTP/2 implementations are 
vulnerable to ping floods, potent
        - golang-1.8 <removed>
        - golang-1.7 <removed>
        - golang <removed>
+       [jessie] - golang <not-affected> (No HTTP2 support yet)
        - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
        - trafficserver 8.0.5+ds-1 (bug #934887)
        - h2o 2.2.5+dfsg2-3 (bug #934886)


=====================================
data/dla-needed.txt
=====================================
@@ -37,6 +37,8 @@ freeimage
   NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
   NOTE: 20190707: maintainer is waiting for upstream 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
 --
+ghostscript
+--
 golang-go.crypto
   NOTE: 20190707: Check that an upload of this will not require reverse 
build-deps to also be recompiled (see previous golang uploads?). (lamby)
 --
@@ -53,6 +55,8 @@ imagemagick
   NOTE: 20190829: we also work on <no-dsa> issues whereas the security team 
would not.
   NOTE: 20190829: Only claim this, if nothing more urgent is available in 
dla-needed.txt.
 --
+irssi (Mike Gabriel)
+--
 libav
   NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
   NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no 
patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to